From 3324013290acafbf7cac874de6df237a5ad41028 Mon Sep 17 00:00:00 2001
From: teesh3rt <ilaylevy611@gmail.com>
Date: Sun, 8 Feb 2026 22:57:13 +0200
Subject: [PATCH] feat: ooga booga my name sysadmin

---
 modules/server/fail2ban.nix | 11 +++++++++++
 modules/server/ssh.nix      | 16 ++++++++++++++--
 modules/settings.nix        |  1 +
 3 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 modules/server/fail2ban.nix

diff --git a/modules/server/fail2ban.nix b/modules/server/fail2ban.nix
new file mode 100644
index 0000000..d3c5f07
--- /dev/null
+++ b/modules/server/fail2ban.nix
@@ -0,0 +1,11 @@
+{...}: {
+  flake.modules.nixos.server = {
+    services.fail2ban.enable = true;
+    services.fail2ban.jails = {
+      sshd = {
+        enabled = true;
+        filter = "sshd";
+      };
+    };
+  };
+}
diff --git a/modules/server/ssh.nix b/modules/server/ssh.nix
index 393b98d..9397dca 100644
--- a/modules/server/ssh.nix
+++ b/modules/server/ssh.nix
@@ -1,5 +1,17 @@
-{...}: {
+{config, ...}: {
   flake.modules.nixos.server = {
-    services.openssh.enable = true;
+    services.openssh = {
+      enable = true;
+      settings = {
+        PermitRootLogin = "prohibit-password";
+        PasswordAuthentication = false;
+      };
+    };
+
+    users.users.${config.flake.meta.user.name} = {
+      openssh.authorizedKeys.keys = [
+        config.flake.meta.user.ssh_key
+      ];
+    };
   };
 }
diff --git a/modules/settings.nix b/modules/settings.nix
index 3c5cec9..dba810c 100644
--- a/modules/settings.nix
+++ b/modules/settings.nix
@@ -3,6 +3,7 @@
     name = "teesh";
     email = "ilaylevy611@gmail.com";
     face = ./assets/face.png;
+    ssh_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVaMnH7XOxnx+/hvO65gyi4Gx4449hTWxuXKXHokmh+ teesh@taki";
   };
 
   flake.meta.git.name = "teesh3rt";