Improve SSH config

1 files changed, 28 insertions, 3 deletions

diff --git a/modules/base.nix b/modules/base.nix

index 3b34ff3..c9657e4 100755
--- a/modules/base.nix
+++ b/modules/base.nix
@@ -22,6 +22,8 @@
       };
       timeout = 1;
     };
+    # Emma - Is this secure?
+    #initrd.network.ssh.enable = true;
   };
 
   networking = {
@@ -39,14 +41,39 @@
     useDHCP = false;
     nameservers = [ "1.1.1.1" ];
     defaultGateway = "192.168.1.1";
+
+    extraHosts = ''
+      192.168.1.2 secrets.spacebar.local
+    '';
   };
 
   services = {
     openssh = {
       enable = true;
-    };	
+      banner = [
+        " yg__    _ay      yggggy                                 $@@                    "
+        " @@@@@gg@@@@     a@@~~~~ yy_yggy   yggy_yy _yaggy _yggy_ $@@yagy_  _agy_yy,yy_yg"
+        "g@@~~~$~~~$@$    `?@@@gy @@@~~R@@_@@P~~@@@y@@F~~~g@@~_$@$$@@F~~@@La@@~~4@@L@@@F~"
+        "@@@yyy@yyy@@@    y___y@@F@@$__g@@M@@L__a@@4@@y___4@@~~~~~$@@__y@@F$@$__y@@L@@$  "
+        "`?PPPPPPPPPF~    fR@@@P~ @@F4@@P~ ~4@@P~RR ~4@@@P ~4@@@P 4RF?@@P~  ~R@RFRRFRRF  "
+        "                         @@F                                                    "
+      ];
+      settings = {
+        PasswordAuthentication = false;
+        GatewyPorts = "yes";
+        KbdInteractiveAuthentication = false;
+      };
+      startWhenNeeded = true;
+    };
   };
 
+  security = {
+    sudo = { 
+      wheelNeedsPassword = false;
+      execWheelOnly = true;
+    }
+    polkit.enable = true;
+  };
 
   environment.systemPackages = with pkgs; [
     wget
@@ -70,8 +97,6 @@
   i18n.defaultLocale = "en_US.UTF-8";
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
   nixpkgs.config.allowUnfree = true;
-  security.sudo.wheelNeedsPassword = false;
-  security.polkit.enable = true;
   sound.enable = false;
   system.stateVersion = "22.11"; # DO NOT EDIT!
 }