-rw-r--r--modules/openssh.nix75
-rw-r--r--system-profiles/openssh/default.nix65
2 files changed, 75 insertions, 65 deletions
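--- /dev/null
+++ b/modules/openssh.nix
@@ -0,0 +1,75 @@
+{ ... }:
+
+with lib;
+
+{
+ options = {
+ services.openssh = {
+ settings.HostKeyAlgorithms = mkOption {
+ type = types.listOf types.str;
+ default = [
+ "ssh-ed25519"
+ "ssh-ed25519-cert-v01@openssh.com"
+ "sk-ssh-ed25519@openssh.com"
+ "sk-ssh-ed25519-cert-v01@openssh.com"
+ "ecdsa-sha2-nistp256"
+ "ecdsa-sha2-nistp256-cert-v01@openssh.com"
+ "ecdsa-sha2-nistp384"
+ "ecdsa-sha2-nistp384-cert-v01@openssh.com"
+ "ecdsa-sha2-nistp521"
+ "ecdsa-sha2-nistp521-cert-v01@openssh.com"
+ "sk-ecdsa-sha2-nistp256@openssh.com"
+ "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
+ "webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
+ "ssh-dss"
+ "ssh-dss-cert-v01@openssh.com"
+ "ssh-rsa"
+ "ssh-rsa-cert-v01@openssh.com"
+ "rsa-sha2-256"
+ "rsa-sha2-256-cert-v01@openssh.com"
+ "rsa-sha2-512"
+ "rsa-sha2-512-cert-v01@openssh.com"
+ ];
+ };
+ settings.CASignatureAlgorithms = mkOption {
+ type = types.listOf types.str;
+ default = [
+ "ssh-ed25519"
+ "ecdsa-sha2-nistp256"
+ "ecdsa-sha2-nistp384"
+ "ecdsa-sha2-nistp521"
+ "sk-ssh-ed25519@openssh.com"
+ "sk-ecdsa-sha2-nistp256@openssh.com"
+ "rsa-sha2-512"
+ "rsa-sha2-256"
+ ];
+ };
+ settings.PubkeyAcceptedAlgorithms = mkOption {
+ type = types.listOf types.str;
+ default = [
+ "ssh-ed25519"
+ "ssh-ed25519-cert-v01@openssh.com"
+ "sk-ssh-ed25519@openssh.com"
+ "sk-ssh-ed25519-cert-v01@openssh.com"
+ "ecdsa-sha2-nistp256"
+ "ecdsa-sha2-nistp256-cert-v01@openssh.com"
+ "ecdsa-sha2-nistp384"
+ "ecdsa-sha2-nistp384-cert-v01@openssh.com"
+ "ecdsa-sha2-nistp521"
+ "ecdsa-sha2-nistp521-cert-v01@openssh.com"
+ "sk-ecdsa-sha2-nistp256@openssh.com"
+ "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
+ "webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
+ "ssh-dss"
+ "ssh-dss-cert-v01@openssh.com"
+ "ssh-rsa"
+ "ssh-rsa-cert-v01@openssh.com"
+ "rsa-sha2-256"
+ "rsa-sha2-256-cert-v01@openssh.com"
+ "rsa-sha2-512"
+ "rsa-sha2-512-cert-v01@openssh.com"
+ ];
+ };
+ };
+ };
+}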
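Review bot: The defaults for `HostKeyAlgorithms` and `PubkeyAcceptedAlgorithms` still list `ssh-dss`, `ssh-dss-cert-v01@openssh.com`, `ssh-rsa` and `ssh-rsa-cert-v01@openssh.com`, which re-enables DSA and RSA/SHA-1 signatures that OpenSSH has dropped from its own default sets. I would delete those four entries from both lists and keep the `rsa-sha2-256`/`rsa-sha2-512` names for RSA keys, as `CASignatureAlgorithms` already does. OpenSSH builds without DSA support may also reject the `ssh-dss` names when sshd parses its configuration, which is worth checking against the packaged version. Separately, line 1 is `{ ... }:` while line 3 uses `with lib;`, so `lib` is unbound in this file; the header should read `{ lib, ... }:`.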
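--- a/system-profiles/openssh/default.nix
+++ b/system-profiles/openssh/default.nix
@@ -57,71 +57,6 @@ in {
  type = types.bool;
  default = pathExists (./host-keys + "/${hostName}.yaml");
  };
- settings.HostKeyAlgorithms = mkOption {
- type = types.listOf types.str;
- default = [
- "ssh-ed25519"
- "ssh-ed25519-cert-v01@openssh.com"
- "sk-ssh-ed25519@openssh.com"
- "sk-ssh-ed25519-cert-v01@openssh.com"
- "ecdsa-sha2-nistp256"
- "ecdsa-sha2-nistp256-cert-v01@openssh.com"
- "ecdsa-sha2-nistp384"
- "ecdsa-sha2-nistp384-cert-v01@openssh.com"
- "ecdsa-sha2-nistp521"
- "ecdsa-sha2-nistp521-cert-v01@openssh.com"
- "sk-ecdsa-sha2-nistp256@openssh.com"
- "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
- "webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
- "ssh-dss"
- "ssh-dss-cert-v01@openssh.com"
- "ssh-rsa"
- "ssh-rsa-cert-v01@openssh.com"
- "rsa-sha2-256"
- "rsa-sha2-256-cert-v01@openssh.com"
- "rsa-sha2-512"
- "rsa-sha2-512-cert-v01@openssh.com"
- ];
- };
- settings.CASignatureAlgorithms = mkOption {
- type = types.listOf types.str;
- default = [
- "ssh-ed25519"
- "ecdsa-sha2-nistp256"
- "ecdsa-sha2-nistp384"
- "ecdsa-sha2-nistp521"
- "sk-ssh-ed25519@openssh.com"
- "sk-ecdsa-sha2-nistp256@openssh.com"
- "rsa-sha2-512"
- "rsa-sha2-256"
- ];
- };
- settings.PubkeyAcceptedAlgorithms = mkOption {
- type = types.listOf types.str;
- default = [
- "ssh-ed25519"
- "ssh-ed25519-cert-v01@openssh.com"
- "sk-ssh-ed25519@openssh.com"
- "sk-ssh-ed25519-cert-v01@openssh.com"
- "ecdsa-sha2-nistp256"
- "ecdsa-sha2-nistp256-cert-v01@openssh.com"
- "ecdsa-sha2-nistp384"
- "ecdsa-sha2-nistp384-cert-v01@openssh.com"
- "ecdsa-sha2-nistp521"
- "ecdsa-sha2-nistp521-cert-v01@openssh.com"
- "sk-ecdsa-sha2-nistp256@openssh.com"
- "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
- "webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
- "ssh-dss"
- "ssh-dss-cert-v01@openssh.com"
- "ssh-rsa"
- "ssh-rsa-cert-v01@openssh.com"
- "rsa-sha2-256"
- "rsa-sha2-256-cert-v01@openssh.com"
- "rsa-sha2-512"
- "rsa-sha2-512-cert-v01@openssh.com"
- ];
- };
  };
  };
 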