# NixOS module: enables the per-user ssh-agent, an OpenSSH server on
# IPv4 port 22 (all interfaces, firewall opened), and fail2ban.
{ ... }:

{
  programs.ssh.startAgent = true;

  services.openssh = {
    enable = true;

    # Exposure: port 22 is opened in the host firewall and sshd binds the
    # IPv4 wildcard address. No IPv6 listen address is configured here.
    openFirewall = true;
    listenAddresses = [
      {
        addr = "0.0.0.0";
        port = 22;
      }
    ];

    settings = {
      # Password logins are refused. Keyboard-interactive authentication is
      # a separate sshd setting (KbdInteractiveAuthentication) and is not
      # set in this module.
      PasswordAuthentication = false;

      # root may still log in, but only with non-password methods such as
      # public keys; "no" would close direct root login entirely.
      PermitRootLogin = "prohibit-password";

      # NOTE(review): "yes" makes remote forwards (ssh -R) bind the wildcard
      # address instead of loopback, so a tunnel opened by any authenticated
      # user is offered to other hosts (subject to the firewall).
      # "clientspecified" or "no" is narrower -- confirm this is intended.
      GatewayPorts = "yes";

      # NOTE(review): sshd resolves the client's hostname and checks that it
      # maps back to the connecting address. This adds a DNS dependency to
      # every login and only matters when hostname-based rules (from=,
      # Match Host) are in use -- none are visible in this module.
      UseDns = true;
    };

    # Sent to clients before authentication, so the text is visible to
    # anyone who can reach the port.
    # NOTE(review): the art's internal spacing looks collapsed in this copy.
    banner = ''
      ___. ___.
      \_ |__ ____\_ |__ ____ ______
      | __ \_/ __ \| __ \ / _ \\____ \
      | \_\ \ ___/| \_\ ( <_> ) |_> >
      |___ /\___ >___ /\____/| __/
      \/ \/ \/ |__|
    '';
  };

  services.fail2ban = {
    enable = true;
    maxretry = 5;

    # Sources that are never banned: loopback plus every RFC 1918 private
    # range. NOTE(review): repeated failures from any internal host are
    # therefore not rate-limited; narrow this to the management subnets
    # actually in use if that exemption is broader than intended.
    ignoreIP = [
      "127.0.0.0/8"
      "10.0.0.0/8"
      "172.16.0.0/12"
      "192.168.0.0/16"
    ];
  };
}