29 lines
674 B
Nix
29 lines
674 B
Nix
{ ... }:
|
|
{
|
|
networking.firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [ 22 ];
|
|
};
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
settings = {
|
|
AllowAgentForwarding = false;
|
|
AllowGroups = [ "wheel" ];
|
|
AllowTcpForwarding = false;
|
|
ClientAliveCountMax = 2;
|
|
ClientAliveInterval = 300;
|
|
KbdInteractiveAuthentication = false;
|
|
LoginGraceTime = 20;
|
|
MaxAuthTries = 3;
|
|
MaxSessions = 4;
|
|
PasswordAuthentication = false;
|
|
PermitRootLogin = "no";
|
|
PermitTunnel = false;
|
|
PermitUserEnvironment = false;
|
|
StreamLocalBindUnlink = false;
|
|
X11Forwarding = false;
|
|
};
|
|
};
|
|
}
|