44 lines
942 B
Nix
44 lines
942 B
Nix
{
|
|
config,
|
|
outputs,
|
|
lib,
|
|
self,
|
|
...
|
|
}:
|
|
let
|
|
hosts = lib.attrNames outputs.nixosConfigurations;
|
|
inherit (lib) mkIf mkEnableOption;
|
|
cfg = config.nixos.services.openssh;
|
|
|
|
hostsWithKeys = builtins.filter (
|
|
hostname: builtins.pathExists "${self}/hosts/${hostname}/ssh_host_ed25519_key.pub"
|
|
) hosts;
|
|
in
|
|
{
|
|
options = {
|
|
nixos.services.openssh = {
|
|
enable = mkEnableOption "Enables openssh";
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
programs.ssh = {
|
|
knownHosts = lib.genAttrs hostsWithKeys (hostname: {
|
|
publicKeyFile = "${self}/hosts/${hostname}/ssh_host_ed25519_key.pub";
|
|
});
|
|
};
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
AcceptEnv = "WAYLAND_DISPLAY";
|
|
GatewayPorts = "clientspecified";
|
|
PasswordAuthentication = false;
|
|
PermitRootLogin = "no";
|
|
StreamLocalBindUnlink = "yes";
|
|
X11Forwarding = true;
|
|
};
|
|
};
|
|
};
|
|
}
|