23 lines
532 B
Nix
23 lines
532 B
Nix
{
|
|
networking.firewall.enable = true;
|
|
|
|
services = {
|
|
fail2ban.enable = true;
|
|
openssh = {
|
|
enable = true;
|
|
ports = [22];
|
|
settings = {
|
|
KexAlgorithms = [
|
|
"curve25519-sha256"
|
|
"curve25519-sha256@libssh.org"
|
|
"diffie-hellman-group16-sha512"
|
|
"diffie-hellman-group18-sha512"
|
|
"sntrup761x25519-sha512@openssh.com"
|
|
];
|
|
PasswordAuthentication = false;
|
|
PermitRootLogin = "no";
|
|
StreamLocalBindUnlink = "yes";
|
|
};
|
|
};
|
|
};
|
|
}
|