Lander Van den Bulcke
c16a6ae16d
Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
29 lines
599 B
Nix
29 lines
599 B
Nix
# adapted from github.com:Misterio77/nix-config
|
|
{ outputs, lib, config, ...}:
|
|
|
|
let
|
|
hosts = lib.attrNames outputs.nixosConfigurations;
|
|
in {
|
|
services.openssh = {
|
|
enable = true;
|
|
|
|
# Harden
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
PermitRootLogin = "no";
|
|
|
|
# Automatically remove stale sockets
|
|
StreamLocalBindUnlink = "yes";
|
|
# Allow forwarding ports to everywhere
|
|
GatewayPorts = "clientspecified";
|
|
};
|
|
|
|
hostKeys = [
|
|
{
|
|
path = "/etc/ssh/ssh_host_ed25519_key";
|
|
type = "ed25519";
|
|
rounds = 100;
|
|
}
|
|
];
|
|
};
|
|
}
|