nixos/server/sshd.nix

{...}: {
  services.openssh = {
    enable = true;
    ports = [22];
    settings = {
      UseDns = true;
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      GatewayPorts = "yes";
      LogLevel = "VERBOSE";
    };
  };
  services.traefik.dynamicConfigOptions.tcp = {
    routers.ssh = {
      rule = "ClientIP(`192.168.0.0/16`)";
      entryPoints = ["ssh"];
      service = "ssh-redirect";
    };
    services.ssh-redirect.loadBalancer.servers = [{address = "localhost:22";}];
  };
}
Formatting pass with alejandra 2023-05-17 17:10:18 +01:00			`{...}: {`
Add sshd config to disallow root/passwordless login, change default port 2023-05-16 11:48:34 +01:00			`services.openssh = {`
			`enable = true;`
Update ports used and relevant traefik configs 2023-05-25 17:05:25 +01:00			`ports = [22];`
Add sshd config to disallow root/passwordless login, change default port 2023-05-16 11:48:34 +01:00			`settings = {`
			`UseDns = true;`
Fix typoe 2023-05-16 12:06:28 +01:00			`PermitRootLogin = "no";`
Add sshd config to disallow root/passwordless login, change default port 2023-05-16 11:48:34 +01:00			`PasswordAuthentication = false;`
			`GatewayPorts = "yes";`
			`LogLevel = "VERBOSE";`
			`};`
			`};`
Update ports used and relevant traefik configs 2023-05-25 17:05:25 +01:00			`services.traefik.dynamicConfigOptions.tcp = {`
			`routers.ssh = {`
			rule = "ClientIP(`192.168.0.0/16`)";
			`entryPoints = ["ssh"];`
			`service = "ssh-redirect";`
			`};`
			`services.ssh-redirect.loadBalancer.servers = [{address = "localhost:22";}];`
			`};`
Add sshd config to disallow root/passwordless login, change default port 2023-05-16 11:48:34 +01:00			`}`