feat: init openssh module

2023-04-26 19:23:23 -04:00 · 2023-04-26 19:23:23 -04:00 · 8fc554c879
commit 8fc554c879
parent 4d0ce516a8
6 changed files with 21 additions and 8 deletions
--- a/hosts/deploy.nix
+++ b/hosts/deploy.nix
@ -6,8 +6,7 @@ inputs: {
        user = "root";
        path = activate.nixos inputs.self.nixosConfigurations.hime;
      };
-      sshOpts = ["-i" "/etc/ssh/ssh_host_ed25519_key"];
      sshUser = "root";
    };
  };
- }
+}
--- a/hosts/hime/default.nix
+++ b/hosts/hime/default.nix
@ -22,10 +22,6 @@
    xkbVariant = "";
  };

-  services.openssh = {
-    enable = true;
-  };
-
  virtualisation.docker.enable = true;
  users = {
    defaultUserShell = pkgs.nushell;
--- a/hosts/sutakku/default.nix
+++ b/hosts/sutakku/default.nix
@ -48,5 +48,4 @@
    pinentryFlavor = "curses";
  };

-  services.openssh.enable = true;
 }
--- a/modules/default.nix
+++ b/modules/default.nix
@ -4,5 +4,6 @@
    ./networking.nix
    ./nix.nix
    ./system.nix
+    ./openssh.nix
  ];
 }
--- a/modules/nix.nix
+++ b/modules/nix.nix
@ -29,7 +29,7 @@
        "https://hyprland.cachix.org"
        "https://cache.nixos.org"
      ];
-      trusted-users = [ "root" "@wheel" ];
+      trusted-users = ["root" "@wheel"];
      trusted-public-keys = [
        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
--- a/modules/openssh.nix
+++ b/modules/openssh.nix
@ -0,0 +1,18 @@
+{...}: {
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      PermitRootLogin = "yes";
+      StreamLocalBindUnlink = "yes";
+      GatewayPorts = "clientspecified";
+    };
+
+    hostKeys = [
+      {
+        path = "/etc/ssh/ssh_host_ed25519_key";
+        type = "ed25519";
+      }
+    ];
+  };
+}