From 8fc554c8796a7c9870b16f36131f8a5960b7e04a Mon Sep 17 00:00:00 2001
From: notohh <github@notohh.dev>
Date: Wed, 26 Apr 2023 19:23:23 -0400
Subject: [PATCH] feat: init openssh module

---
 hosts/deploy.nix          |  3 +--
 hosts/hime/default.nix    |  4 ----
 hosts/sutakku/default.nix |  1 -
 modules/default.nix       |  1 +
 modules/nix.nix           |  2 +-
 modules/openssh.nix       | 18 ++++++++++++++++++
 6 files changed, 21 insertions(+), 8 deletions(-)
 create mode 100644 modules/openssh.nix

diff --git a/hosts/deploy.nix b/hosts/deploy.nix
index 7a5260c..4fab360 100644
--- a/hosts/deploy.nix
+++ b/hosts/deploy.nix
@@ -6,8 +6,7 @@ inputs: {
         user = "root";
         path = activate.nixos inputs.self.nixosConfigurations.hime;
       };
-      sshOpts = ["-i" "/etc/ssh/ssh_host_ed25519_key"];
       sshUser = "root";
     };
   };
- }
\ No newline at end of file
+}
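Review bot: Dropping `sshOpts = ["-i" "/etc/ssh/ssh_host_ed25519_key"]` means deploy-rs now authenticates with whatever identity the invoking user's SSH agent or default key files provide, so whichever target previously trusted the deploying machine's *host* key as a client identity likely still carries that key in root's `authorized_keys`. If so, that entry should be pruned; a host key reused as a user credential never rotates and is readable only by root, which is presumably why it was removed. It would help to note in the commit message which key deploy-rs is expected to use from now on, since `sshUser = "root"` still requires an authorized key on the target.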
diff --git a/hosts/hime/default.nix b/hosts/hime/default.nix
index 069ff86..0801fb3 100644
--- a/hosts/hime/default.nix
+++ b/hosts/hime/default.nix
@@ -22,10 +22,6 @@
     xkbVariant = "";
   };
 
-  services.openssh = {
-    enable = true;
-  };
-
   virtualisation.docker.enable = true;
   users = {
     defaultUserShell = pkgs.nushell;
diff --git a/hosts/sutakku/default.nix b/hosts/sutakku/default.nix
index e263e3d..d56b475 100644
--- a/hosts/sutakku/default.nix
+++ b/hosts/sutakku/default.nix
@@ -48,5 +48,4 @@
     pinentryFlavor = "curses";
   };
 
-  services.openssh.enable = true;
 }
diff --git a/modules/default.nix b/modules/default.nix
index 16f687d..2702246 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -4,5 +4,6 @@
     ./networking.nix
     ./nix.nix
     ./system.nix
+    ./openssh.nix
   ];
 }
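Review bot: Adding `./openssh.nix` to the shared module list turns sshd from opt-in (previously enabled per host in hime and sutakku) into default-on for every host that imports `modules/default.nix`, including any that did not run sshd before. If some hosts should stay without an SSH listener, consider making the enable a default (`services.openssh.enable = lib.mkDefault true;` inside the module, taking `lib` in its argument set) so a host can override it with `services.openssh.enable = false;`, or at least record in the commit message that sshd is now intended on every host.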
diff --git a/modules/nix.nix b/modules/nix.nix
index e14e359..1cf7879 100644
--- a/modules/nix.nix
+++ b/modules/nix.nix
@@ -29,7 +29,7 @@
         "https://hyprland.cachix.org"
         "https://cache.nixos.org"
       ];
-      trusted-users = [ "root" "@wheel" ];
+      trusted-users = ["root" "@wheel"];
       trusted-public-keys = [
         "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
         "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
diff --git a/modules/openssh.nix b/modules/openssh.nix
new file mode 100644
index 0000000..b5ca24d
--- /dev/null
+++ b/modules/openssh.nix
@@ -0,0 +1,18 @@
+{...}: {
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      PermitRootLogin = "yes";
+      StreamLocalBindUnlink = "yes";
+      GatewayPorts = "clientspecified";
+    };
+
+    hostKeys = [
+      {
+        path = "/etc/ssh/ssh_host_ed25519_key";
+        type = "ed25519";
+      }
+    ];
+  };
+}
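Review bot: `PasswordAuthentication = false` on its own does not fully disable password-style logins here: NixOS, as far as I recall, leaves `KbdInteractiveAuthentication` at its default of `true`, and with PAM enabled keyboard-interactive still prompts for and accepts the account password, so root (`PermitRootLogin = "yes"`) remains reachable by password guessing. Add `KbdInteractiveAuthentication = false;` next to the existing setting, and since the deploy target only needs key-based root access (deploy.nix uses `sshUser = "root"` with no password), tighten to `PermitRootLogin = "prohibit-password";`. `GatewayPorts = "clientspecified"` also deserves a one-line comment, e.g. `# lets -R forwards bind non-loopback addresses; firewall must still gate them`, because anyone with an account can expose a forwarded port on the host's external interfaces. `StreamLocalBindUnlink = "yes"` is presumably for agent-socket forwarding; a short comment saying so would save the next reader from guessing.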