feat(heimdall): add basic setup for a server.

2025-05-04 02:59:20 +02:00 · 2025-05-04 02:59:20 +02:00 · 564178ff24
commit 564178ff24
parent e58406b13a
6 changed files with 180 additions and 28 deletions
--- a/modules/servers/general/default.nix
+++ b/modules/servers/general/default.nix
@ -0,0 +1,5 @@
+{...}: {
+  imports = [
+    ./openssh.nix
+  ];
+}
--- a/modules/servers/general/openssh.nix
+++ b/modules/servers/general/openssh.nix
@ -0,0 +1,23 @@
+{...}: {
+  services.openssh = {
+    enable = true;
+    settings = {
+      AllowUsers = ["root"];
+      X11Forwarding = false;
+      PasswordAuthentication = false;
+    };
+    extraConfig = ''
+      PubkeyAuthentication yes
+      PermitEmptyPasswords no
+
+      AddressFamily inet
+      MaxAuthTries 3
+    '';
+  };
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz"
+  ];
+
+  services.fail2ban.enable = true;
+}