23 lines
513 B
Nix
23 lines
513 B
Nix
{ lib, ... }:
|
|
{
|
|
imports = [ ./fail2ban ];
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PermitRootLogin = lib.mkForce "no";
|
|
PrintLastLog = "no";
|
|
PasswordAuthentication = false;
|
|
PermitEmptyPasswords = true;
|
|
};
|
|
};
|
|
|
|
security.pam.services.sshd.allowNullPassword = true;
|
|
|
|
environment.persistence."/persist".files = [
|
|
"/etc/ssh/ssh_host_ed25519_key"
|
|
"/etc/ssh/ssh_host_ed25519_key.pub"
|
|
"/etc/ssh/ssh_host_rsa_key"
|
|
"/etc/ssh/ssh_host_rsa_key.pub"
|
|
];
|
|
}
|