summaryrefslogtreecommitdiff
path: root/system-profiles/openssh/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'system-profiles/openssh/default.nix')
-rw-r--r--system-profiles/openssh/default.nix41
1 files changed, 41 insertions, 0 deletions
diff --git a/system-profiles/openssh/default.nix b/system-profiles/openssh/default.nix
new file mode 100644
index 00000000..33a3e136
--- /dev/null
+++ b/system-profiles/openssh/default.nix
@@ -0,0 +1,41 @@
1{ customUtils, lib, config, hostName, pkgs, ... }:
2{
3 config = {
4 programs.ssh.knownHosts = lib.zipAttrsWith (_name: values: builtins.head values) (lib.mapAttrsToList (name: lib.mapAttrs' (type: value: lib.nameValuePair "${name}-${type}" value)) (customUtils.nixImport { dir = ./known-hosts; }));
5
6 systemd.user.services."ssh-agent".enable = lib.mkForce false; # ssh-agent should be done via home-manager
7
8 services.openssh = lib.mkIf config.services.openssh.enable {
9 hostKeys = [
10 { path = "/etc/ssh/ssh_host_rsa_key";
11 type = "rsa";
12 }
13 { path = "/etc/ssh/ssh_host_ed25519_key";
14 type = "ed25519";
15 }
16 ];
17 };
18
19 sops.secrets = lib.mkIf config.services.openssh.enable {
20 ssh_host_rsa_key = {
21 key = "rsa";
22 path = "/etc/ssh/ssh_host_rsa_key";
23 sopsFile = ./host-keys + "/${hostName}.yaml";
24 };
25 ssh_host_ed25519_key = {
26 key = "ed25519";
27 path = "/etc/ssh/ssh_host_ed25519_key";
28 sopsFile = ./host-keys + "/${hostName}.yaml";
29 };
30 };
31
32 environment.etc = lib.mkIf config.services.openssh.enable {
33 "ssh/ssh_host_rsa_key.pub".text = config.services.openssh.knownHosts."${hostName}-rsa".publicKey;
34 "ssh/ssh_host_ed25519_key.pub".text = config.services.openssh.knownHosts."${hostName}-ed25519".publicKey;
35 };
36
37 environment.systemPackages = lib.mkIf config.services.openssh.enable (with pkgs; [
38 rxvt_unicode.terminfo
39 ]);
40 };
41}