From 34f476d40e178ce082c4ac0aa2e86116fa7fb5d8 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Mon, 20 Mar 2023 12:12:19 +0100
Subject: ...

---
 modules/openssh.nix | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)
 create mode 100644 modules/openssh.nix

(limited to 'modules/openssh.nix')

diff --git a/modules/openssh.nix b/modules/openssh.nix
new file mode 100644
index 00000000..0ac2d2c6
--- /dev/null
+++ b/modules/openssh.nix
@@ -0,0 +1,75 @@
+{ ... }:
+
+with lib;
+
+{
+  options = {
+    services.openssh = {
+      settings.HostKeyAlgorithms = mkOption {
+        type = types.listOf types.str;
+        default = [
+          "ssh-ed25519"
+          "ssh-ed25519-cert-v01@openssh.com"
+          "sk-ssh-ed25519@openssh.com"
+          "sk-ssh-ed25519-cert-v01@openssh.com"
+          "ecdsa-sha2-nistp256"
+          "ecdsa-sha2-nistp256-cert-v01@openssh.com"
+          "ecdsa-sha2-nistp384"
+          "ecdsa-sha2-nistp384-cert-v01@openssh.com"
+          "ecdsa-sha2-nistp521"
+          "ecdsa-sha2-nistp521-cert-v01@openssh.com"
+          "sk-ecdsa-sha2-nistp256@openssh.com"
+          "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
+          "webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
+          "ssh-dss"
+          "ssh-dss-cert-v01@openssh.com"
+          "ssh-rsa"
+          "ssh-rsa-cert-v01@openssh.com"
+          "rsa-sha2-256"
+          "rsa-sha2-256-cert-v01@openssh.com"
+          "rsa-sha2-512"
+          "rsa-sha2-512-cert-v01@openssh.com"
+        ];
+      };
+      settings.CASignatureAlgorithms = mkOption {
+        type = types.listOf types.str;
+        default = [
+          "ssh-ed25519"
+          "ecdsa-sha2-nistp256"
+          "ecdsa-sha2-nistp384"
+          "ecdsa-sha2-nistp521"
+          "sk-ssh-ed25519@openssh.com"
+          "sk-ecdsa-sha2-nistp256@openssh.com"
+          "rsa-sha2-512"
+          "rsa-sha2-256"
+        ];
+      };
+      settings.PubkeyAcceptedAlgorithms = mkOption {
+        type = types.listOf types.str;
+        default = [
+          "ssh-ed25519"
+          "ssh-ed25519-cert-v01@openssh.com"
+          "sk-ssh-ed25519@openssh.com"
+          "sk-ssh-ed25519-cert-v01@openssh.com"
+          "ecdsa-sha2-nistp256"
+          "ecdsa-sha2-nistp256-cert-v01@openssh.com"
+          "ecdsa-sha2-nistp384"
+          "ecdsa-sha2-nistp384-cert-v01@openssh.com"
+          "ecdsa-sha2-nistp521"
+          "ecdsa-sha2-nistp521-cert-v01@openssh.com"
+          "sk-ecdsa-sha2-nistp256@openssh.com"
+          "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
+          "webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
+          "ssh-dss"
+          "ssh-dss-cert-v01@openssh.com"
+          "ssh-rsa"
+          "ssh-rsa-cert-v01@openssh.com"
+          "rsa-sha2-256"
+          "rsa-sha2-256-cert-v01@openssh.com"
+          "rsa-sha2-512"
+          "rsa-sha2-512-cert-v01@openssh.com"
+        ];
+      };
+    };
+  };
+}
-- 
cgit v1.2.3