From 81dd4e0557c2a5a9e59a3b1546f098044f18b61b Mon Sep 17 00:00:00 2001
From: zowoq <59103226+zowoq@users.noreply.github.com>
Date: Tue, 25 Apr 2023 10:21:07 +1000
Subject: [PATCH] roles/security: only allow ssh_host_ed25519_key

---
 roles/security.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/roles/security.nix b/roles/security.nix
index 962765f..4539e83 100644
--- a/roles/security.nix
+++ b/roles/security.nix
@@ -25,6 +25,12 @@
     };
   };
 
+  services.openssh = {
+    hostKeys = [
+      { path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }
+    ];
+  };
+
   # Ban brute force SSH
   services.fail2ban.enable = true;
 }
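Review bot: The added `services.openssh.hostKeys` block has no comment saying why the list is narrowed to a single entry, unlike the `# Ban brute force SSH` line just below it; a line such as `# Only generate and offer an ed25519 host key (the NixOS default also includes an RSA key)` above `services.openssh = {` would record the intent. On hosts deployed before this change, previously generated host key files of other types presumably stay in /etc/ssh, because this option only controls which keys are generated and configured, so removing the stale private keys is a separate cleanup step. Clients that pinned only a non-ed25519 host key in known_hosts will be presented with a different key on their next connection, and the new fingerprint should be verified out of band rather than accepted on prompt. The enclosing attribute set starts outside the hunk.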