39 lines
735 B
Nix
39 lines
735 B
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
site_config,
|
|
username,
|
|
...
|
|
}:
|
|
{
|
|
# Enable the OpenSSH daemon.
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
AllowUsers = [
|
|
username
|
|
"root"
|
|
];
|
|
PasswordAuthentication = false;
|
|
PermitRootLogin = "yes"; # for deploying configs
|
|
};
|
|
};
|
|
|
|
systemd.tmpfiles.rules = [
|
|
"Z /etc/ssh 755 root root"
|
|
"Z /etc/ssh/ssh_host_* 600 root root"
|
|
];
|
|
|
|
users.users.${username}.openssh.authorizedKeys.keys = [
|
|
site_config.ssh_keys.laptop
|
|
];
|
|
|
|
# used for deploying configs to server
|
|
users.users.root.openssh.authorizedKeys.keys =
|
|
config.users.users.${username}.openssh.authorizedKeys.keys
|
|
++ [
|
|
site_config.ssh_keys.ci_deploy
|
|
];
|
|
}
|