fix vaultwarden

.gitignore

@@ -1,5 +1,7 @@
 .direnv
 .envrc
 
+.*.swp
+*.retry
 result
-result-man
+result-*

modules/security.nix

@@ -0,0 +1,21 @@
+{ config, lib, ... }:
+{
+  config = {
+    services = lib.mkIf config.services.gitea.enable {
+      openssh = {
+        extraConfig = ''
+          Match User gitea
+            AllowAgentForwarding no
+            AllowTcpForwarding no
+            PermitTTY no
+            X11Forwarding no
+        '';
+      };
+
+      gitea.settings."ssh.minimum_key_sizes" = {
+        ECDSA = -1;
+        RSA = 4095;
+      };
+    };
+  };
+}