# Host hardening baseline: firewall, sudo policy, audit logging, SSH access,
# brute-force banning and Nix daemon access control.
{
  # Enable the NixOS firewall. No ports are opened in this file; the openssh
  # module may open its own port by default (verify `openFirewall` if that matters).
  networking.firewall.enable = true;

  security = {
    sudo = {
      # Restrict execution of the sudo binary itself to the wheel group.
      execWheelOnly = true;
      # wheel members must still authenticate; no passwordless sudo.
      wheelNeedsPassword = true;
    };

    # Kernel audit subsystem and the userspace daemon that writes its records.
    # No audit rules are defined here, so what gets logged depends on rules
    # set elsewhere.
    auditd.enable = true;
    audit.enable = true;
  };

  services.openssh = {
    enable = true;

    settings = {
      # NOTE(review): this line carried the remark "distributed-build.nix
      # requires it" while the value is "no". It is unclear whether "it" means
      # root login or this restriction; confirm against distributed-build.nix
      # that remote builds do not need to log in as root.
      PermitRootLogin = "no";

      # Key-based login only. NOTE(review): keyboard-interactive (PAM)
      # authentication is a separate sshd setting (KbdInteractiveAuthentication)
      # and is not set in this file; confirm it is disabled elsewhere if
      # passwords must never be accepted.
      PasswordAuthentication = false;
    };

    # Turn off the SFTP subsystem. Recent scp clients use SFTP by default, so
    # file copies to this host may need another transport.
    allowSFTP = false;
  };

  # Ban addresses that repeatedly fail authentication. Only the module
  # defaults apply; no jails or ban times are customised here.
  services.fail2ban.enable = true;

  # Only root and members of the "users" group may talk to the Nix daemon.
  nix.settings.allowed-users = ["root" "@users"];
}