Diffstat (limited to 'modules/nixos/server/openssh/default.nix')
-rw-r--r--modules/nixos/server/openssh/default.nix21
1 files changed, 6 insertions, 15 deletions
diff --git a/modules/nixos/server/openssh/default.nix b/modules/nixos/server/openssh/default.nix
index 675ceaf..a56460d 100644
--- a/modules/nixos/server/openssh/default.nix
+++ b/modules/nixos/server/openssh/default.nix
@@ -5,38 +5,30 @@
}:
let
- inherit (lib) mkEnableOption mkOption types mkIf;
+ inherit (lib) mkEnableOption mkIf;
cfg = config.nx.server.openssh;
in
{
options.nx.server.openssh = {
enable = mkEnableOption "OpenSSH server";
- port = mkOption {
- description = "Port for openssh";
- type = types.port;
- default = 8693;
- };
- allowedUsers = mkOption {
- description = "Users allowed to SSH";
- type = types.listOf types.str;
- default = [ ];
- };
};
config = mkIf cfg.enable {
services.openssh = {
enable = true;
- ports = [ cfg.port ];
+ ports = [ 8693 ];
settings = {
PasswordAuthentication = false;
- AllowUsers = cfg.allowedUsers;
+ AllowUsers = [ ];
X11Forwarding = false;
PermitRootLogin = "yes";
};
};
- networking.firewall.allowedTCPPorts = [ cfg.port ];
+ networking.firewall.allowedTCPPorts = [ 8693 ];
services.fail2ban = {
+ enable = true;
+ bantime = "1h";
jails = {
sshd = {
enabled = true;
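Review bot: `AllowUsers = [ ];` is now hard-coded next to the unchanged `PermitRootLogin = "yes"`, and with the `allowedUsers` option removed a host can no longer narrow who may log in through this module. How an empty list is rendered into sshd_config is not visible here, so it would be safer to drop the line or write `AllowUsers = null;` if the intent is no restriction, or to name the permitted accounts explicitly. Separately, the literal `8693` now appears in both `ports` and `networking.firewall.allowedTCPPorts`; a `port = 8693;` binding in the existing `let` would keep the listener and the firewall rule from drifting apart. The module's argument list starts above this hunk.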
@@ -45,7 +37,6 @@ in
backend = "systemd";
maxretry = 4;
findtime = "10m";
- bantime = "1h";
};
};
};