Diffstat (limited to 'profiles')
| -rw-r--r-- | profiles/core/ssh.nix | 19 | ||||
| -rw-r--r-- | profiles/server.nix | 4 |
2 files changed, 19 insertions, 4 deletions
diff --git a/profiles/core/ssh.nix b/profiles/core/ssh.nix
new file mode 100644
index 0000000..f8c899a
--- /dev/null
+++ b/profiles/core/ssh.nix
@@ -0,0 +1,19 @@
+{ lib, ... }:
+{
+ services.openssh = {
+ enable = lib.mkDefault true;
+ settings = {
+ PasswordAuthentication = lib.mkForce false;
+ KbdInteractiveAuthentication = lib.mkForce false;
+
+ PermitRootLogin = lib.mkForce "prohibit-password";
+ };
+ openFirewall = lib.mkDefault true;
+ hostKeys = [
+ {
+ path = "/etc/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ ];
+ };
+}
diff --git a/profiles/server.nix b/profiles/server.nix
index 49a0bc7..c91546d 100644
--- a/profiles/server.nix
+++ b/profiles/server.nix
@@ -45,10 +45,6 @@
 "1.0.0.1#cloudflare-dns.com"
 ];
 
- services.openssh.enable = true;
- services.openssh.settings.PasswordAuthentication = false;
- services.openssh.settings.PermitRootLogin = "no";
-
 users.users.root.openssh.authorizedKeys.keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
 ]; |
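Review bot: `PermitRootLogin = lib.mkForce "prohibit-password";` in profiles/core/ssh.nix is looser than the `"no"` this commit removes from profiles/server.nix. Because it is set with `mkForce`, a host or profile that later writes a plain `PermitRootLogin = "no";` is discarded in favour of it without an evaluation error. Key-based root login may well be intended, since server.nix still carries root `authorizedKeys`; if so, record that in a comment above the line, e.g. `# root logs in by key only; forced, so stricter hosts must override at a higher priority`. Otherwise declare it as `PermitRootLogin = lib.mkDefault "prohibit-password";` so a host can tighten it with an ordinary definition. Forcing `PasswordAuthentication` and `KbdInteractiveAuthentication` is fine, since there the forced value is the strict one.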
