feat(openssh): reconfigure hardening based on nixos wiki reccomendations

hosts/server/configuration.nix

@@ -42,18 +42,22 @@
   };
 
   # hardened openssh
-  services.openssh = {
-    allowSFTP = false;
-    extraConfig = ''
-      AllowTcpForwarding yes
-      X11Forwarding no
-      AllowAgentForwarding no
-      AllowStreamLocalForwarding no
-      AuthenticationMethods publickey
-    '';
+  services = {
+    fail2ban.enable = true;
+    endlessh = {
+      enable = true;
+      port = 22;
+      openFirewall = true;
+    };
+    openssh = {
+      enable = true;
+      ports = [ 5011 ];
       settings = {
-      KbdInteractiveAuthentication = false;
         PasswordAuthentication = false;
+        KbdInteractiveAuthentication = false;
+        PermitRootLogin = "no";
+        AllowUsers = [ "srv" ];
+      };
     };
   };