feat: deployed frontend, postgres, rev-proxy, tailscale config, initialisation scripts

pkgs/ssh.nix

@@ -0,0 +1,25 @@
+{ pkgs, config, ... }:
+
+{
+  services.openssh = {
+    enable = true;
+    ports = [ 6968 ];
+    openFirewall = true;
+    settings = {
+      PasswordAuthentication = false;
+      AllowUsers = [ "luka" ];
+      UseDns = false; # Disable checking of rDNS records
+      X11Forwarding = false;
+      PermitRootLogin = "prohibit-password";
+    };
+  };
+
+  services.fail2ban = {
+    enable = false;
+    bantime = "24h"; # Ban IPs for one day on the first ban
+    # ignoreIP = [ ];
+  };
+
+  networking.firewall.enable = true;
+}
+