Harden SSH and enable post-quantum key exchange (sntrup761x25519-sha512) for system and Forgejo

ashisgreat22 2026-03-19 00:05:12 +01:00
parent abf2080f91
commit f646c091cc
2 changed files with 18 additions and 0 deletions


@ -54,6 +54,10 @@ in
SSH_PORT = 2222;
START_SSH_SERVER = true;
SSH_LISTEN_ADDR = "0.0.0.0";
# SSH Hardening
SSH_SERVER_KEY_EXCHANGES = "sntrup761x25519-sha512,curve25519-sha256,curve25519-sha256@libssh.org";
SSH_SERVER_CIPHERS = "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com";
SSH_SERVER_MACS = "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com";
};
service = {
DISABLE_REGISTRATION = cfg.disableRegistration;
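Review bot: The `SSH_SERVER_KEY_EXCHANGES` line lists only the unsuffixed `sntrup761x25519-sha512`, a name OpenSSH clients before 9.9 do not offer (they send `sntrup761x25519-sha512@openssh.com`), so those clients would quietly negotiate `curve25519-sha256` and get no post-quantum key exchange. It is also not visible from this hunk whether Forgejo's built-in SSH server (`START_SSH_SERVER = true`) implements either sntrup761 name or `umac-128-etm@openssh.com`; an algorithm that is advertised but not implemented may fail the handshake for clients that prefer it. Both entries in `SSH_SERVER_CIPHERS` are AEAD ciphers, so the `SSH_SERVER_MACS` list is probably never used in practice. I would confirm the names against the SSH library version Forgejo ships and add a comment such as `# verify negotiated kex with: ssh -vv -p 2222 <host>` next to `# SSH Hardening`. The attribute set these settings belong to opens before the hunk.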