gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(tf): proxprovider

Browse source
This commit is contained in:
arcnmx 2024-01-26 14:53:04 -08:00
parent b4cbaf5ee1
commit e37624bb2a
9 changed files with 124 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

21
nixos/base/ssh.nix
View file

@ -4,8 +4,9 @@
pkgs,
...
}: let
inherit (lib.modules) mkDefault;
publicPort = 62954;
in with lib; {
in {
/*
security.pam.services.sshd.text = mkDefault (mkAfter ''
session required pam_exec.so ${katnotify}/bin/notify
@ -13,17 +14,17 @@ in with lib; {
*/
services.openssh = {
enable = true;
ports = lib.mkDefault [publicPort 22];
openFirewall = false;
enable = mkDefault true;
ports = mkDefault [publicPort 22];
openFirewall = mkDefault false;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = lib.mkDefault "prohibit-password";
PasswordAuthentication = mkDefault false;
KbdInteractiveAuthentication = mkDefault false;
PermitRootLogin = mkDefault "prohibit-password";
KexAlgorithms = ["curve25519-sha256@libssh.org"];
PubkeyAcceptedAlgorithms = "+ssh-rsa";
StreamLocalBindUnlink = "yes";
LogLevel = "VERBOSE";
PubkeyAcceptedAlgorithms = mkDefault "+ssh-rsa";
StreamLocalBindUnlink = mkDefault "yes";
LogLevel = mkDefault "VERBOSE";
};
};
networking.firewall = {