diff --git a/modules/services/openssh/default.nix b/modules/services/openssh/default.nix new file mode 100644 index 0000000..b472999 --- /dev/null +++ b/modules/services/openssh/default.nix @@ -0,0 +1,42 @@ +{ + options, + config, + lib, + pkgs, + format, + ... +}: +with lib; let + cfg = config.aa.services.openssh; + + user = config.users.users.${config.aa.user.name}; + user-id = builtins.toString user.uid; + + default-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmPdQcM0KCQ3YunF1gwN+B+i1Q8KrIfiUvNtgFQjTy2"; +in { + options.aa.services.openssh = with types; { + enable = mkEnableOption "ssh"; + authorizedKeys = mkOption { + type = listOf str; + default = [default-key]; + description = "The public keys to authorize"; + }; + + config = mkIf config.enable { + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + PermitRootLogin = + if format == "install-iso" + then true + else false; + }; + }; + + aa.home.extraOptions = { + programs.openssh.authorizedKeys.keys = cfg.authorizedKeys; + }; + }; + }; +} diff --git a/systems/x86_64-linux/gospel/default.nix b/systems/x86_64-linux/gospel/default.nix index 6d7fac1..2995f5a 100644 --- a/systems/x86_64-linux/gospel/default.nix +++ b/systems/x86_64-linux/gospel/default.nix @@ -25,6 +25,8 @@ apps.neovim.enable = true; apps.tmux.enable = true; + + services.openssh.enable = true; }; boot.binfmt.emulatedSystems = ["aarch64-linux" "armv6l-linux"]; @@ -136,15 +138,6 @@ # List services that you want to enable: - # Enable the OpenSSH daemon. - services.openssh = { - enable = true; - settings = { - PermitRootLogin = "no"; - PasswordAuthentication = false; - }; - }; - services.geoclue2.enable = true; security.rtkit.enable = true;