Commit 26d26610 authored by fpletz's avatar fpletz 🚧
Browse files

disable ssh password auth, refactor

parent bfdfb77b
...@@ -53,6 +53,9 @@ ...@@ -53,6 +53,9 @@
programs.vim.defaultEditor = true; programs.vim.defaultEditor = true;
environment.sessionVariables.PAN_MESA_DEBUG = "gl3"; environment.sessionVariables.PAN_MESA_DEBUG = "gl3";
# FIXME
services.openssh.passwordAuthentication = true;
users = { users = {
mutableUsers = false; mutableUsers = false;
users.lounge = { users.lounge = {
......
...@@ -42,6 +42,8 @@ ...@@ -42,6 +42,8 @@
environment.systemPackages = with pkgs; [ colmena lm_sensors ]; environment.systemPackages = with pkgs; [ colmena lm_sensors ];
services.fail2ban.enable = false;
users = { users = {
mutableUsers = false; mutableUsers = false;
users.root.openssh.authorizedKeys.keys = [ users.root.openssh.authorizedKeys.keys = [
......
...@@ -23,11 +23,14 @@ ...@@ -23,11 +23,14 @@
services.journald.extraConfig = '' services.journald.extraConfig = ''
SystemMaxUse=200M SystemMaxUse=200M
MaxRetentionSec=5d MaxRetentionSec=3d
''; '';
services.openssh.enable = true; services.openssh = {
services.fail2ban.enable = true; enable = true;
passwordAuthentication = lib.mkDefault false;
};
services.fail2ban.enable = lib.mkDefault true;
services.nginx = { services.nginx = {
package = pkgs.nginxMainline; package = pkgs.nginxMainline;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment