Commit 26d26610 authored by fpletz's avatar fpletz 🚧
Browse files

disable ssh password auth, refactor

parent bfdfb77b
......@@ -53,6 +53,9 @@
programs.vim.defaultEditor = true;
environment.sessionVariables.PAN_MESA_DEBUG = "gl3";
# FIXME
services.openssh.passwordAuthentication = true;
users = {
mutableUsers = false;
users.lounge = {
......
......@@ -42,6 +42,8 @@
environment.systemPackages = with pkgs; [ colmena lm_sensors ];
services.fail2ban.enable = false;
users = {
mutableUsers = false;
users.root.openssh.authorizedKeys.keys = [
......
......@@ -23,11 +23,14 @@
services.journald.extraConfig = ''
SystemMaxUse=200M
MaxRetentionSec=5d
MaxRetentionSec=3d
'';
services.openssh.enable = true;
services.fail2ban.enable = true;
services.openssh = {
enable = true;
passwordAuthentication = lib.mkDefault false;
};
services.fail2ban.enable = lib.mkDefault true;
services.nginx = {
package = pkgs.nginxMainline;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment