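# An SSH server, using 'mosh'
#
# When `my.services.ssh-server.enable` is set, this module turns on OpenSSH
# with password logins disabled, enables mosh, makes `sudo` passwordless for
# the `wheel` group and registers a Loki alert rule on sshd's log lines.
{ config, lib, ... }:
let
  cfg = config.my.services.ssh-server;
in
{
  options.my.services.ssh-server = {
    enable = lib.mkEnableOption "SSH Server using 'mosh'";
  };

  config = lib.mkIf cfg.enable {
    services.openssh = {
      # Enable the OpenSSH daemon.
      enable = true;
      # Be more secure: public-key logins only.
      settings.PasswordAuthentication = false;
      # Keyboard-interactive is a separate sshd authentication method that can
      # still prompt for the account password through PAM, so it has to be
      # switched off as well for "no password logins" to actually hold.
      settings.KbdInteractiveAuthentication = false;
      # NOTE(review): PermitRootLogin is not set here, so the NixOS module
      # default applies - confirm that it matches what this host should allow.
    };

    # Opens the relevant UDP ports in the firewall (mosh's own port range).
    # mosh sets up its session over SSH first, so the sshd settings above
    # also decide who can start a mosh session.
    programs.mosh.enable = true;

    # WARNING: if you remove this, then you need to assign a password to your user, otherwise
    # `sudo` won't work. You can do that either by using `passwd` after the first rebuild or
    # by setting a hashed password in the `users.users.felix` block as `initialHashedPassword`.
    # additionally needed for deployment
    #
    # Security trade-off: with this set, anyone who can log in as a member of
    # `wheel` (for example with a stolen SSH key) is root without any further
    # prompt. Keep `wheel` membership minimal; if only the deployment user
    # needs it, a NOPASSWD rule for that one user in `security.sudo.extraRules`
    # is a narrower alternative.
    security.sudo.wheelNeedsPassword = false;

    my.services.loki.rules = {
      sshd_closed = {
        # Counts sshd log lines, not distinct users: every connection that is
        # closed while a user is still authenticating adds one to the total.
        # NOTE(review): sshd words this message differently for user names
        # that do not exist ("invalid user"), so guessing against unknown
        # accounts is presumably not counted by this rule - confirm against
        # the logs and widen the pattern if that traffic should alert too.
        condition = ''count_over_time({unit="sshd.service"} |~ "Connection closed by authenticating user" [15m]) > 25'';
        description = "More than 25 SSH connections were closed during authentication in the last 15 min";
      };
    };
  };
}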
