mirror of
https://github.com/srid/nixos-config.git
synced 2025-12-28 00:05:00 +08:00
24 lines
472 B
Nix
24 lines
472 B
Nix
{
|
|
|
|
# Firewall
|
|
networking.firewall.enable = true;
|
|
|
|
# Enable auditd
|
|
security.auditd.enable = true;
|
|
security.audit.enable = true;
|
|
|
|
# Standard openssh protections
|
|
#
|
|
# See primary-as-admin.nix to setup passwordless setup.
|
|
services = {
|
|
openssh = {
|
|
enable = true;
|
|
settings.PermitRootLogin = "no";
|
|
settings.PasswordAuthentication = false;
|
|
allowSFTP = false;
|
|
};
|
|
};
|
|
|
|
# 🤲
|
|
nix.settings.allowed-users = [ "root" "@users" ];
|
|
}
|