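# NixOS module: OpenSSH server restricted to public-key logins, no root login,
# and a single Ed25519 host key.
{
  outputs,
  lib,
  config,
  ...
}: let
  # Names of every NixOS configuration exported by the flake. Currently only
  # referenced by the commented-out knownHosts block at the bottom of the file.
  hosts = lib.attrNames outputs.nixosConfigurations;
in {
  services.openssh = {
    enable = true;
    settings = {
      # Harden
      PasswordAuthentication = false;
      # Keyboard-interactive is a separate authentication method from
      # "password", and the NixOS module leaves it enabled unless told
      # otherwise. With PAM in use it can still present a password prompt,
      # so it is switched off here to keep logins key-only.
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no";

      # TODO: what does this d
      # Let WAYLAND_DISPLAY be forwarded
      # AcceptEnv is an allow-list: only this one client-supplied variable is
      # copied into the session environment, and only when the client sends it.
      AcceptEnv = "WAYLAND_DISPLAY";
      # NOTE(review): X11 forwarding widens what a session on this host can
      # reach: while a forwarded display is open, any account on this host
      # able to read the user's X authority data (root included) can talk to
      # the connecting client's X server. Keep it only on hosts where
      # graphical forwarding is actually used.
      X11Forwarding = true;
    };

    # Setting hostKeys replaces the module's default list, so Ed25519 is the
    # only host key type this server is configured with.
    hostKeys = [
      {
        path = "/etc/ssh/ssh_host_ed25519_key";
        type = "ed25519";
      }
    ];
  };

  # TODO: is automatic known hosts file even necessary?
  # NOTE(review): the block below would pin each host's public key from the
  # repository, so clients verify peers against keys under version control
  # rather than trusting whatever key is presented on first connection.
  # programs.ssh = {
  #   # Each host's public key
  #   knownHosts = lib.genAttrs hosts (hostname: {
  #     publicKeyFile = ../../${hostname}/ssh_host_ed25519_key.pub;
  #     extraHostNames =
  #       [
  #         "${hostname}.m7.rs"
  #       ]
  #       ++
  #       # Alias for localhost if it's the same host
  #       (lib.optional (hostname == config.networking.hostName) "localhost")
  #       # Alias to m7.rs and git.m7.rs if it's alcyone
  #       ++ (lib.optionals (hostname == "alcyone") [
  #         "m7.rs"
  #         "git.m7.rs"
  #       ]);
  #   });
  # };
}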