Networking: ssh

modules/nixos/networking/default.nix

@@ -8,7 +8,7 @@ in {
   imports = [
     #./firewall
 
-    #./ssh.nix
+    ./ssh.nix
     #./tailscale.nix
   ];
 

modules/nixos/networking/ssh.nix

@@ -0,0 +1,27 @@
+{
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "no";
+      PasswordAuthentication = false;
+
+      ClientAliveCountMax = 5;
+      ClientAliveInterval = 60;
+    };
+    openFirewall = true;
+    ports = [22];
+
+    hostKeys = [
+      {
+        bits = 4096;
+        path = "/etc/ssh/ssh_host_rsa_key";
+        type = "rsa";
+      }
+      {
+        bits = 4096;
+        path = "/etc/ssh/ssh_host_ed25519_key";
+        type = "ed25519";
+      }
+    ];
+  };
+}