nix-config/configs/nixos/sshd.nix

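# NixOS module: key-only OpenSSH server that gives root and the host's main
# user the same set of authorized public keys.
{
  config,
  pkgs,
  inputs,
  configLib,
  lib,
  ...
}: {
  services.openssh = {
    enable = true;
    settings = {
      # root may log in over SSH, but never with a password.
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
      # NixOS leaves keyboard-interactive enabled by default; switch it off so
      # PAM-driven prompts cannot become a second, non-key login path.
      # mkDefault keeps this overridable for a host that really needs such a
      # prompt (for example a one-time-password module).
      KbdInteractiveAuthentication = lib.mkDefault false;
    };
  };

  # so we don't have to set TERM every time we ssh in.
  environment.systemPackages = with pkgs; [
    kitty.terminfo
  ];

  # Root's keys come from the optional `nix-secrets` flake input.
  # NOTE(review): configLib.dirToStrings is defined outside this file;
  # presumably it returns the contents of every file in the directory, which
  # would make each file under public-keys a root login key — confirm, and
  # treat changes to that directory as changes to root access.
  # When the input is absent the list is empty, and with password login off
  # this module then authorizes nobody; a host must supply keys itself
  # (mkDefault lets a plain assignment elsewhere take precedence).
  users.users.root.openssh.authorizedKeys.keys = lib.mkDefault (
    if inputs ? nix-secrets
    then (configLib.dirToStrings "${inputs.nix-secrets}/public-keys")
    else []
  );

  # if it can log into root, it should also be able to log in to the main user.
  # This reads the final merged root value, so host-level overrides carry over;
  # keys supplied through authorizedKeys.keyFiles are not mirrored.
  users.users.${config.host.user}.openssh.authorizedKeys.keys =
    config.users.users.root.openssh.authorizedKeys.keys;
}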