From c2150f129ba45965349bb31be6b16f73c0578764 Mon Sep 17 00:00:00 2001
From: Ion Isle <zkh3@georgetown.edu>
Date: Sat, 23 Sep 2023 00:49:09 -0500
Subject: [PATCH] Add SSHGuard Configuration to Enhance Security example
 configuration.nix

Added the option to enable sshguard to the examples configuration.nix. I also included new Fixme lines to keep things consistent.
---
 examples/configuration.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/examples/configuration.nix b/examples/configuration.nix
index 5406e782a..53d886949 100644
--- a/examples/configuration.nix
+++ b/examples/configuration.nix
@@ -272,6 +272,15 @@
   services.openssh = {
     enable = true;
     settings.PasswordAuthentication = false;
+    #
+    # FIXME: Decide if you want to enable SSHGuard
+    # services.sshguard.enable = true;
+    # services.sshguard.attack_threshold = 25;
+    # services.sshguard.detection_time = 3600;
+    #
+    # FIXME: Add an Allow List so you don't lock yourself out if you decide to 
+    # enable the service, this is optional but may lead to lockout. 
+    # services.sshguard.whitelist = ["192.168.1.1"];
   };
   users.users.root = {
     openssh.authorizedKeys.keys = [