feat(openssh): reconfigure hardening based on nixos wiki reccomendations

hosts/server/configuration.nix

@@ -42,18 +42,22 @@
   };
 
   # hardened openssh
-  services.openssh = {
+  services = {
-    allowSFTP = false;
+    fail2ban.enable = true;
-    extraConfig = ''
+    endlessh = {
-      AllowTcpForwarding yes
+      enable = true;
-      X11Forwarding no
+      port = 22;
-      AllowAgentForwarding no
+      openFirewall = true;
-      AllowStreamLocalForwarding no
+    };
-      AuthenticationMethods publickey
+    openssh = {
-    '';
+      enable = true;
-    settings = {
+      ports = [ 5011 ];
-      KbdInteractiveAuthentication = false;
+      settings = {
-      PasswordAuthentication = false;
+        PasswordAuthentication = false;
+        KbdInteractiveAuthentication = false;
+        PermitRootLogin = "no";
+        AllowUsers = [ "srv" ];
+      };
     };
   };