From 920d3342d55312937fed357f9abe165bb2aa281b Mon Sep 17 00:00:00 2001
From: "quentin@aristote.fr" <quentin@aristote.fr>
Date: Sat, 17 Jan 2026 18:34:56 +0100
Subject: nixos: ssh: harden

---
 modules/nixos/personal/user.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'modules/nixos/personal/user.nix')

diff --git a/modules/nixos/personal/user.nix b/modules/nixos/personal/user.nix
index ea0ce8c..630144a 100644
--- a/modules/nixos/personal/user.nix
+++ b/modules/nixos/personal/user.nix
@@ -32,6 +32,14 @@ in
         ];
       };
 
+      services.openssh.extraConfig = ''
+        Match user ${cfg.name}
+          AllowAgentForwarding yes
+          AllowTcpForwarding yes
+          PermitTTY yes
+          PermitUserRC yes
+      '';
+
       assertions =
         let
           missingArgAssertion = name: {
-- 
cgit v1.2.3