30 lines
606 B
Nix
30 lines
606 B
Nix
{ pkgs, config, ... }:
|
|
|
|
{
|
|
services.openssh = {
|
|
enable = true;
|
|
ports = [ 6968 ];
|
|
openFirewall = true;
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
AllowUsers = [ "luka" ];
|
|
UseDns = false; # Disable checking of rDNS records to speed up login
|
|
X11Forwarding = false;
|
|
PermitRootLogin = "prohibit-password";
|
|
};
|
|
};
|
|
|
|
services.fail2ban = {
|
|
enable = false;
|
|
bantime = "24h"; # Ban IPs for one day on the first ban
|
|
# ignoreIP = [ ];
|
|
};
|
|
|
|
networking.firewall = {
|
|
enable = true;
|
|
|
|
# allowedTCPPorts = [ ];
|
|
# allowedUDPPorts = [];
|
|
};
|
|
}
|
|
|