nixos-framework-laptop-config/nixos/hardening.nix

{
  config,
  lib,
  pkgs,
  ...
}: {
  nix.settings.allowed-users = ["@wheel"];
  security.sudo.execWheelOnly = true;
  services.openssh = {
    allowSFTP = false;
    settings = {
      ChallengeResponseAuthentication = false;
      PasswordAuthentication = false;
    };
    extraConfig = ''
      AllowTcpForwarding yes
      X11Forwarding no
      AllowAgentForwarding no
      AllowStreamLocalForwarding no
      AuthenticationMethods publickey
    '';
  };
}
misc: initial commit 2024-12-28 19:33:49 -05:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}: {`
			`nix.settings.allowed-users = ["@wheel"];`
			`security.sudo.execWheelOnly = true;`
			`services.openssh = {`
			`allowSFTP = false;`
			`settings = {`
			`ChallengeResponseAuthentication = false;`
			`PasswordAuthentication = false;`
			`};`
			`extraConfig = ''`
			`AllowTcpForwarding yes`
			`X11Forwarding no`
			`AllowAgentForwarding no`
			`AllowStreamLocalForwarding no`
			`AuthenticationMethods publickey`
			`'';`
			`};`
			`}`