os/mixin/ssh.nix — radicle-infra

rad:z254T5p17bdFPmzfDojsdjo4HjpoZ

Radicle Infrastructure as Code (NixOS, OpenTofu, …)

.. cache.nix common.nix disk-config.nix kmscon.nix motd.nix nix.nix radicle-permissive.nix radicle-stats.nix radicle.nix sops.nix ssh.nix tor.nix users.nix

{
  pkgs,
  config,
  lib,
  ...
}: {
  services = {
    openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
      };

      hostKeys = [
        {
          path = "/etc/ssh/ssh_host_ed25519_key";
          type = "ed25519";
        }
      ];
    };

    sshguard.enable = true;
  };

  sops.age.sshKeyPaths = map (x: x.path) config.services.openssh.hostKeys;
}