modules/base/openssh.nix at main · sharparam.com/nix-config

sharparam.com / nix-config

fork atom

this repo has no description

nix

fork atom

nix-config / modules / base / openssh.nix

at main 61 lines 1.4 kB view raw

wrap content

sharparam.com Migrate to den 3w ago

a71de0ac

 1{ lib, ... }:
 2let
 3  inherit (lib) mkDefault;
 4in
 5{
 6  den.aspects.base = {
 7    nixos = {
 8      services.openssh = {
 9        enable = mkDefault true;
10
11        hostKeys = mkDefault [
12          {
13            path = "/etc/ssh/ssh_host_rsa_key";
14            type = "rsa";
15            bits = 4096;
16          }
17          {
18            path = "/etc/ssh/ssh_host_ed25519_key";
19            type = "ed25519";
20            bits = 4096;
21          }
22        ];
23
24        ports = mkDefault [ 22 ];
25
26        settings = {
27          AuthenticationMethods = "publickey";
28          PasswordAuthentication = false;
29          # TODO: How to do format and "install-iso" in den?
30          # PermitRootLogin = if format == "install-iso" then "yes" else "no";
31          PermitRootLogin = "no";
32          PubkeyAuthentication = "yes";
33          UsePAM = true;
34          X11Forwarding = false;
35        };
36
37        startWhenNeeded = true;
38      };
39    };
40
41    darwin = {
42      services.openssh = {
43        enable = mkDefault true;
44
45        # TODO: Not supported on nix-darwin
46        # hostKeys = mkDefault [
47        #   {
48        #     path = "/etc/ssh/ssh_host_rsa_key";
49        #     type = "rsa";
50        #     bits = 4096;
51        #   }
52        #   {
53        #     path = "/etc/ssh/ssh_host_ed25519_key";
54        #     type = "ed25519";
55        #     bits = 4096;
56        #   }
57        # ];
58      };
59    };
60  };
61}