System: Harden SSHD and authorize key

2026-02-16 20:01:40 +01:00
parent 86d669c2ab
commit 2919e797ed
2 changed files with 24 additions and 1 deletions
--- a/system/nixinator/default.nix
+++ b/system/nixinator/default.nix
@ -176,6 +176,22 @@
      fileSystems = ["/"];
    };

+    # Temporarily ban IPs for SSH after failed login attempts
+    fail2ban = {
+      enable = true;
+    };
+
+    openssh = {
+      ports = [5432];
+      settings = {
+        PasswordAuthentication = false;
+        KbdInteractiveAuthentication = false;
+        PermitRootLogin = "no";
+        AllowUsers = [username];
+        LogLevel = "VERBOSE"; # For fail2ban
+      };
+    };
+
    # Keep this as a system service because we're backing up /persist as root
    # TODO: The repository gets corrupted all the time, maybe because the service runs before the repository is mounted?
    #       - Was this caused by the NFS "soft" option?