From 2ad98cde176526562a614ccd43a561ec400e0990 Mon Sep 17 00:00:00 2001 From: Hektor Misplon Date: Sat, 4 Oct 2025 16:18:33 +0200 Subject: [PATCH] Defined systemd 'sshd.service' configuration --- configuration.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/configuration.nix b/configuration.nix index 89219f8..8a04028 100644 --- a/configuration.nix +++ b/configuration.nix @@ -23,4 +23,30 @@ nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ neovim ]; + + services.spice-vdagentd.enable = true; + services.openssh = { + enable = false; + startWhenNeeded = true; + settings = { + ## hardening + PermitRootLogin = "no"; + MaxAuthTries = 3; + LoginGraceTime = "1m"; + PasswordAuthentication = false; + PermitEmptyPasswords = false; + ChallengeResponseAuthentication = false; + KerberosAuthentication = false; + GSSAPIAuthentication = false; + X11Forwarding = false; + PermitUserEnvironment = false; + AllowAgentForwarding = false; + AllowTcpForwarding = false; + PermitTunnel = false; + ## sshd_config defaults on Arch Linux + KbdInteractiveAuthentication = false; + UsePAM = true; + PrintMotd = false; + }; + }; }
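Review bot: `enable = false;` at the top of `services.openssh` leaves the whole block inert: the NixOS openssh module only generates sshd_config and the socket/service units when `enable` is true, so neither `startWhenNeeded = true;` nor the hardening settings below it take effect, which does not match the commit subject. If socket-activated sshd is intended, change the line to `enable = true;`; if sshd is meant to stay off for now, say so with a comment such as `# sshd disabled on purpose; settings below apply once enabled`. Separately, `ChallengeResponseAuthentication` is a deprecated alias of `KbdInteractiveAuthentication` in current OpenSSH, so setting both is redundant, and the `## sshd_config defaults on Arch Linux` comment is misleading in a NixOS configuration. Since `PasswordAuthentication = false;` leaves public keys as the only login method, confirm before enabling that `users.users.<name>.openssh.authorizedKeys.keys` is set elsewhere in the file, as that is not visible in this hunk.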