diff options
-rw-r--r-- | configuration.nix | 11 | ||||
-rw-r--r-- | services/opensshd.nix | 19 |
2 files changed, 19 insertions, 11 deletions
diff --git a/configuration.nix b/configuration.nix index b92d72a..db99ca0 100644 --- a/configuration.nix +++ b/configuration.nix @@ -13,17 +13,6 @@ networking.hostName = "server1"; networking.domain = "vhack.eu"; - # openssh config - services.openssh = { - enable = true; - passwordAuthentication = false; - extraConfig = "PrintMotd yes\n"; # this could be done with pam - }; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils" - ]; - system.stateVersion = "22.11"; } # vim: ts=2 diff --git a/services/opensshd.nix b/services/opensshd.nix new file mode 100644 index 0000000..4bd38fd --- /dev/null +++ b/services/opensshd.nix @@ -0,0 +1,19 @@ +{ config, pkg, ... }: { + services.openssh = { + enable = true; + passwordAuthentication = false; + extraConfig = '' + PrintMotd yes + ''; # this could be done with pam + hostKeys = [{ + comment = "key comment"; + path = "/srv/sshd/ssh_host_ed25519_key"; + rounds = 1000; + type = "ed25519"; + }]; + }; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG63gxw8JePmrC8Fni0pLV4TnPBhCPmSV9FYEdva+6s7 sils" + ]; +} |