Added ssh config

modules/services/openssh/default.nix

@@ -0,0 +1,42 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  format,
+  ...
+}:
+with lib; let
+  cfg = config.aa.services.openssh;
+
+  user = config.users.users.${config.aa.user.name};
+  user-id = builtins.toString user.uid;
+
+  default-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmPdQcM0KCQ3YunF1gwN+B+i1Q8KrIfiUvNtgFQjTy2";
+in {
+  options.aa.services.openssh = with types; {
+    enable = mkEnableOption "ssh";
+    authorizedKeys = mkOption {
+      type = listOf str;
+      default = [default-key];
+      description = "The public keys to authorize";
+    };
+
+    config = mkIf config.enable {
+      services.openssh = {
+        enable = true;
+        settings = {
+          PasswordAuthentication = false;
+          PermitRootLogin =
+            if format == "install-iso"
+            then true
+            else false;
+        };
+      };
+
+      aa.home.extraOptions = {
+        programs.openssh.authorizedKeys.keys = cfg.authorizedKeys;
+      };
+    };
+  };
+}

systems/x86_64-linux/gospel/default.nix

@@ -25,6 +25,8 @@
 
     apps.neovim.enable = true;
     apps.tmux.enable = true;
+
+    services.openssh.enable = true;
   };
 
   boot.binfmt.emulatedSystems = ["aarch64-linux" "armv6l-linux"];
@@ -136,15 +138,6 @@
 
   # List services that you want to enable:
 
-  # Enable the OpenSSH daemon.
-  services.openssh = {
-    enable = true;
-    settings = {
-      PermitRootLogin = "no";
-      PasswordAuthentication = false;
-    };
-  };
-
   services.geoclue2.enable = true;
 
   security.rtkit.enable = true;