From 21db2e5762854966fb735e68d001e4ab6dbbbcbf Mon Sep 17 00:00:00 2001
From: Fuwn <contact@fuwn.me>
Date: Thu, 5 Sep 2024 02:14:50 -0700
Subject: Bump

---
 modules/system/access/ssh.nix | 45 ++++++++++++++++++++++++++-----------------
 1 file changed, 27 insertions(+), 18 deletions(-)

(limited to 'modules/system/access/ssh.nix')

diff --git a/modules/system/access/ssh.nix b/modules/system/access/ssh.nix
index b1fc187..8a2b30d 100644
--- a/modules/system/access/ssh.nix
+++ b/modules/system/access/ssh.nix
@@ -1,26 +1,35 @@
+{ lib, config, ... }:
 {
   programs.ssh.startAgent = false;
 
-  services.openssh = {
-    enable = true;
-    ports = [ 22 ];
-    openFirewall = false;
+  services = {
+    fail2ban.jails.sshd.settings = {
+      enabled = true;
+      filter = "sshd[mode=aggressive]";
+      port = lib.strings.concatStringsSep "," (map toString config.services.openssh.ports);
+    };
+
+    openssh = {
+      enable = true;
+      ports = [ 22 ];
+      openFirewall = false;
 
-    settings = {
-      KexAlgorithms = [
-        "curve25519-sha256"
-        "curve25519-sha256@libssh.org"
-        "diffie-hellman-group16-sha512"
-        "diffie-hellman-group18-sha512"
-        "diffie-hellman-group-exchange-sha256"
-        "sntrup761x25519-sha512@openssh.com"
-      ];
+      settings = {
+        KexAlgorithms = [
+          "curve25519-sha256"
+          "curve25519-sha256@libssh.org"
+          "diffie-hellman-group16-sha512"
+          "diffie-hellman-group18-sha512"
+          "diffie-hellman-group-exchange-sha256"
+          "sntrup761x25519-sha512@openssh.com"
+        ];
 
-      Macs = [
-        "hmac-sha2-512-etm@openssh.com"
-        "hmac-sha2-256-etm@openssh.com"
-        "umac-128-etm@openssh.com"
-      ];
+        Macs = [
+          "hmac-sha2-512-etm@openssh.com"
+          "hmac-sha2-256-etm@openssh.com"
+          "umac-128-etm@openssh.com"
+        ];
+      };
     };
   };
 }
-- 
cgit v1.2.3