50 lines
1006 B
Nix
50 lines
1006 B
Nix
|
{
|
||
|
|
config,
|
||
|
|
lib,
|
||
|
|
...
|
||
|
|
}:
|
||
|
|
|
||
|
|
{
|
||
|
|
imports = [ ];
|
||
|
|
|
||
|
|
options.me = {
|
||
|
|
sshd.enable = lib.mkOption {
|
||
|
|
type = lib.types.bool;
|
||
|
|
default = false;
|
||
|
|
example = true;
|
||
|
|
description = "Whether we want to install sshd.";
|
||
|
|
};
|
||
|
|
};
|
||
|
|
|
||
|
|
config = lib.mkIf config.me.sshd.enable {
|
||
|
|
services.openssh = {
|
||
|
|
enable = true;
|
||
|
|
settings = {
|
||
|
|
PasswordAuthentication = false;
|
||
|
|
KbdInteractiveAuthentication = false;
|
||
|
|
};
|
||
|
|
hostKeys = [
|
||
|
|
{
|
||
|
|
path = "/persist/ssh/ssh_host_ed25519_key";
|
||
|
|
type = "ed25519";
|
||
|
|
}
|
||
|
|
{
|
||
|
|
path = "/persist/ssh/ssh_host_rsa_key";
|
||
|
|
type = "rsa";
|
||
|
|
bits = 4096;
|
||
|
|
}
|
||
|
|
];
|
||
|
|
};
|
||
|
|
|
||
|
|
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
|
||
|
|
hideMounts = true;
|
||
|
|
files = [
|
||
|
|
"/etc/ssh/ssh_host_rsa_key"
|
||
|
|
"/etc/ssh/ssh_host_rsa_key.pub"
|
||
|
|
"/etc/ssh/ssh_host_ed25519_key"
|
||
|
|
"/etc/ssh/ssh_host_ed25519_key.pub"
|
||
|
|
];
|
||
|
|
};
|
||
|
|
};
|
||
|
|
}
|