Yan Lin 2025-09-13 21:17:45 +02:00
parent 3b3c58b346
commit 05bfef728b


@ -76,20 +76,20 @@ in
enable = true; enable = true;
ports = [ cfg.sshPort ]; ports = [ cfg.sshPort ];
settings = { settings = {
# SSH hardening for borg users
Match = "Group borg-server";
PasswordAuthentication = false;
PubkeyAuthentication = true;
PermitRootLogin = "no";
X11Forwarding = false;
AllowAgentForwarding = false;
AllowTcpForwarding = false;
PermitTunnel = "no";
# Keep connection alive settings # Keep connection alive settings
ClientAliveInterval = 10; ClientAliveInterval = 10;
ClientAliveCountMax = 30; ClientAliveCountMax = 30;
}; };
extraConfig = ''
# SSH hardening for borg users
Match Group borg-server
PasswordAuthentication no
PubkeyAuthentication yes
X11Forwarding no
AllowAgentForwarding no
AllowTcpForwarding no
PermitTunnel no
'';
}; };
# Open firewall port # Open firewall port
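Review bot: `PermitRootLogin` is not set anywhere on the new side, and `PasswordAuthentication` now applies only inside the `Match Group borg-server` block in `extraConfig`. Accounts outside that group therefore fall back to the module defaults, which in nixpkgs are, as far as I know, password authentication enabled and `PermitRootLogin` set to `prohibit-password`. If the old global values were intended, keep `PasswordAuthentication = false;` and `PermitRootLogin = "no";` in `settings` next to the `ClientAlive*` options, and leave only the per-group restrictions in the Match block. The enclosing attribute set starts before and ends after this hunk, so these options may already be set elsewhere in the file; please confirm. A short comment above `extraConfig` would also help, for example `# Match applies until the next Match or end of file; keep this block last`.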