nixos-config/modules/server/network.nix

{ lib, config, ... }:
with lib;
{
  config = {
    services.openssh = {
      enable = true;
      settings = {
        StrictModes = true;
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        PermitEmptyPasswords = "no";
      };
    };

    networking.firewall.allowedTCPPorts = [
      (mkIf config.services.nginx.enable 80)
      (mkIf config.services.nginx.enable 443)
      (mkIf config.services.openssh.enable 22)
    ];
  };
}
Add camelot initial config 2023-11-12 00:40:26 +01:00			`{ lib, config, ... }:`
			`with lib;`
			`{`
			`config = {`
Switch to colmena + drop some options + introduce okeanos + reworks 2024-07-30 20:42:59 +02:00			`services.openssh = {`
Add camelot initial config 2023-11-12 00:40:26 +01:00			`enable = true;`
Strengthen SSH auth 2024-07-27 11:43:04 +02:00			`settings = {`
			`StrictModes = true;`
			`PasswordAuthentication = false;`
			`KbdInteractiveAuthentication = false;`
			`PermitEmptyPasswords = "no";`
			`};`
Add camelot initial config 2023-11-12 00:40:26 +01:00			`};`

			`networking.firewall.allowedTCPPorts = [`
			`(mkIf config.services.nginx.enable 80)`
			`(mkIf config.services.nginx.enable 443)`
Switch to colmena + drop some options + introduce okeanos + reworks 2024-07-30 20:42:59 +02:00			`(mkIf config.services.openssh.enable 22)`
Add camelot initial config 2023-11-12 00:40:26 +01:00			`];`
			`};`
			`}`