22 lines
483 B
Nix
22 lines
483 B
Nix
{ fleetFlake, ... }:
|
|
{
|
|
services = {
|
|
openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
PermitRootLogin = "prohibit-password";
|
|
};
|
|
};
|
|
|
|
fail2ban = {
|
|
enable = true;
|
|
maxretry = 10;
|
|
};
|
|
};
|
|
|
|
# This makes sense only because I'm the only user for these machines
|
|
users.users.root.openssh.authorizedKeys.keys = builtins.attrValues (
|
|
with (import "${fleetFlake}/lib"); keys.users // keys.hosts
|
|
);
|
|
}
|