diff --git a/.gitignore b/.gitignore
index caf0618..250e145 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,7 @@
 .direnv
 .envrc
 
+.*.swp
+*.retry
 result
-result-man
\ No newline at end of file
+result-*
\ No newline at end of file
diff --git a/modules/security.nix b/modules/security.nix
new file mode 100644
index 0000000..92da521
--- /dev/null
+++ b/modules/security.nix
@@ -0,0 +1,21 @@
+{ config, lib, ... }:
+{
+  config = {
+    services = lib.mkIf config.services.gitea.enable {
+      openssh = {
+        extraConfig = ''
+          Match User gitea
+            AllowAgentForwarding no
+            AllowTcpForwarding no
+            PermitTTY no
+            X11Forwarding no
+        '';
+      };
+
+      gitea.settings."ssh.minimum_key_sizes" = {
+        ECDSA = -1;
+        RSA = 4095;
+      };
+    };
+  };
+}
\ No newline at end of file