ssh: add security

modules/nixos/programs.nix

@@ -26,9 +26,24 @@
 		c-ares ffmpeg gtk3 http-parser libevent libvpx libxslt minizip nss re2 snappy libnotify libappindicator-gtk3
 	];
 
+	services.fail2ban = {
+		enable = true;
+		# Ban IP after 5 failures
+		maxretry = 5;
+		ignoreIP = [
+			"10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16"
+		];
+	};
+
 	services.openssh = {
 		enable = true;
 		ports = [ 22 ];
+		settings = {
+			PasswordAuthentication = false;
+			KbdInteractiveAuthentication = false;
+			PermitRootLogin = "no";
+			AllowUsers = [ "ocbwoy3" "git" ];
+		};
 		# fucks up ssh connections from iphone if you enable this
 		# settings = {
 		# 	KexAlgorithms = [ "curve25519-sha256@libssh.org" ];