chvp/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update dependencies

Browse source
This commit is contained in:
Charlotte Van Petegem 2023-01-21 09:55:59 +01:00
parent e2c8045736
commit becf1495e5
No known key found for this signature in database
GPG key ID: 019E764B7184435A
4 changed files with 29 additions and 60 deletions
Download patch file Download diff file Expand all files Collapse all files

6
modules/base/sshd/default.nix
View file

@ -7,12 +7,14 @@
};
services.openssh = {
enable = true;
passwordAuthentication = false;
permitRootLogin = "prohibit-password";
hostKeys = [
{ bits = 4096; path = "${config.chvp.dataPrefix}/etc/ssh/ssh_host_rsa_key"; type = "rsa"; }
{ path = "${config.chvp.dataPrefix}/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }
];
settings = {
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
};
};
age.secrets."authorized_keys/root" = {

6
modules/services/data-access/config.nix
View file

@ -22,13 +22,15 @@
security.sudo.enable = false;
services.openssh = {
enable = true;
permitRootLogin = "no";
hostKeys = [
{ bits = 4096; path = "/run/secrets/ssh_host_rsa_key"; type = "rsa"; }
{ path = "/run/secrets/ssh_host_ed25519_key"; type = "ed25519"; }
];
settings = {
HostKeyAlgorithms = "+ssh-rsa";
PermitRootLogin = "no";
};
extraConfig = ''
HostKeyAlgorithms +ssh-rsa
Match group sftponly
X11Forwarding no
AllowTcpForwarding no