1 files changed, 75 insertions, 0 deletions
diff --git a/modules/openssh.nix b/modules/openssh.nix
new file mode 100644
index 00000000..0ac2d2c6
--- /dev/null
+++ b/modules/openssh.nix
@@ -0,0 +1,75 @@
+{ ... }:
+with lib;
+{
+  options = {
+    services.openssh = {
+      settings.HostKeyAlgorithms = mkOption {
+        type = types.listOf types.str;
+        default = [
+          "ssh-ed25519"
+          "ssh-ed25519-cert-v01@openssh.com"
+          "sk-ssh-ed25519@openssh.com"
+          "sk-ssh-ed25519-cert-v01@openssh.com"
+          "ecdsa-sha2-nistp256"
+          "ecdsa-sha2-nistp256-cert-v01@openssh.com"
+          "ecdsa-sha2-nistp384"
+          "ecdsa-sha2-nistp384-cert-v01@openssh.com"
+          "ecdsa-sha2-nistp521"
+          "ecdsa-sha2-nistp521-cert-v01@openssh.com"
+          "sk-ecdsa-sha2-nistp256@openssh.com"
+          "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
+          "webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
+          "ssh-dss"
+          "ssh-dss-cert-v01@openssh.com"
+          "ssh-rsa"
+          "ssh-rsa-cert-v01@openssh.com"
+          "rsa-sha2-256"
+          "rsa-sha2-256-cert-v01@openssh.com"
+          "rsa-sha2-512"
+          "rsa-sha2-512-cert-v01@openssh.com"
+        ];
+      };
+      settings.CASignatureAlgorithms = mkOption {
+        type = types.listOf types.str;
+        default = [
+          "ssh-ed25519"
+          "ecdsa-sha2-nistp256"
+          "ecdsa-sha2-nistp384"
+          "ecdsa-sha2-nistp521"
+          "sk-ssh-ed25519@openssh.com"
+          "sk-ecdsa-sha2-nistp256@openssh.com"
+          "rsa-sha2-512"
+          "rsa-sha2-256"
+        ];
+      };
+      settings.PubkeyAcceptedAlgorithms = mkOption {
+        type = types.listOf types.str;
+        default = [
+          "ssh-ed25519"
+          "ssh-ed25519-cert-v01@openssh.com"
+          "sk-ssh-ed25519@openssh.com"
+          "sk-ssh-ed25519-cert-v01@openssh.com"
+          "ecdsa-sha2-nistp256"
+          "ecdsa-sha2-nistp256-cert-v01@openssh.com"
+          "ecdsa-sha2-nistp384"
+          "ecdsa-sha2-nistp384-cert-v01@openssh.com"
+          "ecdsa-sha2-nistp521"
+          "ecdsa-sha2-nistp521-cert-v01@openssh.com"
+          "sk-ecdsa-sha2-nistp256@openssh.com"
+          "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
+          "webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
+          "ssh-dss"
+          "ssh-dss-cert-v01@openssh.com"
+          "ssh-rsa"
+          "ssh-rsa-cert-v01@openssh.com"
+          "rsa-sha2-256"
+          "rsa-sha2-256-cert-v01@openssh.com"
+          "rsa-sha2-512"
+          "rsa-sha2-512-cert-v01@openssh.com"
+        ];
+      };
+    };
+  };
+}

diff --git a/modules/openssh.nix b/modules/openssh.nix new file mode 100644 index 00000000..0ac2d2c6 --- /dev/null +++ b/modules/openssh.nix
@@ -0,0 +1,75 @@
	1	{ ... }:
	2
	3	with lib;
	4
	5	{
	6	options = {
	7	services.openssh = {
	8	settings.HostKeyAlgorithms = mkOption {
	9	type = types.listOf types.str;
	10	default = [
	11	"ssh-ed25519"
	12	"ssh-ed25519-cert-v01@openssh.com"
	13	"sk-ssh-ed25519@openssh.com"
	14	"sk-ssh-ed25519-cert-v01@openssh.com"
	15	"ecdsa-sha2-nistp256"
	16	"ecdsa-sha2-nistp256-cert-v01@openssh.com"
	17	"ecdsa-sha2-nistp384"
	18	"ecdsa-sha2-nistp384-cert-v01@openssh.com"
	19	"ecdsa-sha2-nistp521"
	20	"ecdsa-sha2-nistp521-cert-v01@openssh.com"
	21	"sk-ecdsa-sha2-nistp256@openssh.com"
	22	"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
	23	"webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
	24	"ssh-dss"
	25	"ssh-dss-cert-v01@openssh.com"
	26	"ssh-rsa"
	27	"ssh-rsa-cert-v01@openssh.com"
	28	"rsa-sha2-256"
	29	"rsa-sha2-256-cert-v01@openssh.com"
	30	"rsa-sha2-512"
	31	"rsa-sha2-512-cert-v01@openssh.com"
	32	];
	33	};
	34	settings.CASignatureAlgorithms = mkOption {
	35	type = types.listOf types.str;
	36	default = [
	37	"ssh-ed25519"
	38	"ecdsa-sha2-nistp256"
	39	"ecdsa-sha2-nistp384"
	40	"ecdsa-sha2-nistp521"
	41	"sk-ssh-ed25519@openssh.com"
	42	"sk-ecdsa-sha2-nistp256@openssh.com"
	43	"rsa-sha2-512"
	44	"rsa-sha2-256"
	45	];
	46	};
	47	settings.PubkeyAcceptedAlgorithms = mkOption {
	48	type = types.listOf types.str;
	49	default = [
	50	"ssh-ed25519"
	51	"ssh-ed25519-cert-v01@openssh.com"
	52	"sk-ssh-ed25519@openssh.com"
	53	"sk-ssh-ed25519-cert-v01@openssh.com"
	54	"ecdsa-sha2-nistp256"
	55	"ecdsa-sha2-nistp256-cert-v01@openssh.com"
	56	"ecdsa-sha2-nistp384"
	57	"ecdsa-sha2-nistp384-cert-v01@openssh.com"
	58	"ecdsa-sha2-nistp521"
	59	"ecdsa-sha2-nistp521-cert-v01@openssh.com"
	60	"sk-ecdsa-sha2-nistp256@openssh.com"
	61	"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
	62	"webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
	63	"ssh-dss"
	64	"ssh-dss-cert-v01@openssh.com"
	65	"ssh-rsa"
	66	"ssh-rsa-cert-v01@openssh.com"
	67	"rsa-sha2-256"
	68	"rsa-sha2-256-cert-v01@openssh.com"
	69	"rsa-sha2-512"
	70	"rsa-sha2-512-cert-v01@openssh.com"
	71	];
	72	};
	73	};
	74	};
	75	}