30 lines
612 B
Nix
30 lines
612 B
Nix
{
|
|
lib,
|
|
config,
|
|
...
|
|
}: let
|
|
inherit (lib) mkEnableOption mkIf;
|
|
cfg = config.horseman.network.ssh;
|
|
in {
|
|
options = {
|
|
horseman.network.ssh = {
|
|
enable = mkEnableOption "";
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PermitRootLogin = "no";
|
|
PasswordAuthentication = false;
|
|
KbdInteractiveAuthentication = false;
|
|
AllowUsers = ["horseman"];
|
|
};
|
|
extraConfig = ''
|
|
Hostkey ${config.age.secrets.personalSSH.path}
|
|
Hostkey ${config.age.secrets.githubSSH.path}
|
|
'';
|
|
};
|
|
};
|
|
}
|