19 lines
473 B
Nix
19 lines
473 B
Nix
{fleetFlake, ...}: {
|
|
services = {
|
|
openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
PermitRootLogin = "prohibit-password";
|
|
};
|
|
};
|
|
|
|
fail2ban = {
|
|
enable = true;
|
|
maxretry = 10;
|
|
};
|
|
};
|
|
|
|
# This makes sense only because I'm the only user for these machines
|
|
users.users.root.openssh.authorizedKeys.keys = builtins.attrValues (with (import "${fleetFlake}/lib"); keys.users // keys.hosts);
|
|
}
|