start to refactor nixos modules

author: Franck Cuny <franck@fcuny.net> 2025-09-12 13:11:20 -0700
committer: Franck Cuny <franck@fcuny.net> 2025-09-12 13:55:09 -0700
commit: 2fea36c19eb904125e2db5ba230b28d72dc881db (patch)
tree: 4233e16f0d50aec1cd5e4d3e5f5ed1b8728e380c /modules/nixos/ssh.nix
parent: move common modules together and simplify imports (diff)
download: infra-2fea36c19eb904125e2db5ba230b28d72dc881db.tar.gz
1 files changed, 21 insertions, 0 deletions
diff --git a/modules/nixos/ssh.nix b/modules/nixos/ssh.nix
new file mode 100644
index 0000000..b4c8772
--- /dev/null
+++ b/modules/nixos/ssh.nix
@@ -0,0 +1,21 @@
+{ lib, ... }:
+{
+  networking.firewall.allowedTCPPorts = [ 22 ];
+
+  services.openssh = {
+    enable = lib.mkDefault true;
+    settings = {
+      PasswordAuthentication = lib.mkForce false;
+      KbdInteractiveAuthentication = lib.mkForce false;
+
+      PermitRootLogin = lib.mkForce "prohibit-password";
+    };
+    openFirewall = lib.mkDefault true;
+    hostKeys = [
+      {
+        path = "/etc/ssh/ssh_host_ed25519_key";
+        type = "ed25519";
+      }
+    ];
+  };
+}
author	Franck Cuny <franck@fcuny.net>	2025-09-12 13:11:20 -0700
committer	Franck Cuny <franck@fcuny.net>	2025-09-12 13:55:09 -0700
commit	2fea36c19eb904125e2db5ba230b28d72dc881db (patch)
tree	4233e16f0d50aec1cd5e4d3e5f5ed1b8728e380c /modules/nixos/ssh.nix
parent	move common modules together and simplify imports (diff)
download	infra-2fea36c19eb904125e2db5ba230b28d72dc881db.tar.gz