roles/security: only allow ssh_host_ed25519_key

2023-04-25 10:21:07 +10:00 · 2023-04-25 10:21:07 +10:00 · 81dd4e0557
commit 81dd4e0557
parent 7e51f772b3
1 changed files with 6 additions and 0 deletions
--- a/roles/security.nix
+++ b/roles/security.nix
@ -25,6 +25,12 @@
    };
  };

+  services.openssh = {
+    hostKeys = [
+      { path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }
+    ];
+  };
+
  # Ban brute force SSH
  services.fail2ban.enable = true;
 }