Servers: Remove RSA SSH keys

Victor Mignot 2024-12-10 12:59:37 +01:00
parent 6555e2008e
commit 4cca387389
Signed by: dala
SSH key fingerprint: SHA256:+3O9MhlDc2tJL0n+E+Myr7nL+74DP9AXdIXHmIqZTkY
2 changed files with 21 additions and 12 deletions


@ -1,9 +1,29 @@
{ lib, config, ... }: { lib, ... }:
with lib; with lib;
{ {
config = { config = {
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.useDHCP = mkDefault true; networking.useDHCP = mkDefault true;
networking.firewall.enable = true; networking.firewall.enable = true;
services.openssh = {
enable = true;
settings = {
StrictModes = true;
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitEmptyPasswords = "no";
};
openFirewall = true;
hostKeys = [
{
comment = "Main key";
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
}; };
} }
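Review bot: Restricting `hostKeys` to the single ed25519 entry only controls which host key sshd is configured to generate and present. It does not, as far as this section shows, remove an RSA host key file already on disk on deployed machines, and it does not stop RSA user keys in `authorized_keys` from being accepted. If the intent of "Remove RSA SSH keys" is that no RSA key material remains usable, I would add a comment above `hostKeys` such as `# Only ed25519 is offered; RSA host key files left from earlier deployments are not deleted by this option and must be removed separately.` Clients that pinned only the old RSA host key will be prompted for the ed25519 key on next connect, so the new fingerprint should be published through a trusted channel. `openFirewall = true;` is, to my knowledge, already the option's default, so here it mainly documents that port 22 is now opened by this module instead of the `allowedTCPPorts` entry deleted in the other file.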


@ -2,20 +2,9 @@
with lib; with lib;
{ {
config = { config = {
services.openssh = {
enable = true;
settings = {
StrictModes = true;
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitEmptyPasswords = "no";
};
};
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
(mkIf config.services.nginx.enable 80) (mkIf config.services.nginx.enable 80)
(mkIf config.services.nginx.enable 443) (mkIf config.services.nginx.enable 443)
(mkIf config.services.openssh.enable 22)
]; ];
}; };
} }