ssh: move to seperate file

2025-12-12 21:09:39 -05:00
parent 5ae54b8981
commit a5112e322e
2 changed files with 37 additions and 24 deletions


@@ -45,6 +45,8 @@
./services/caddy_senior_project.nix ./services/caddy_senior_project.nix
./services/graphing-calculator.nix ./services/graphing-calculator.nix
./services/ssh.nix
]; ];
services.kmscon.enable = true; services.kmscon.enable = true;
@@ -122,19 +124,6 @@
# Set your time zone. # Set your time zone.
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings = {
AllowUsers = [
username
"root"
];
PasswordAuthentication = false;
PermitRootLogin = "yes"; # for deploying configs
};
};
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
@@ -236,20 +225,9 @@
"render" "render"
service_configs.media_group service_configs.media_group
]; ];
# TODO! use proper secrets management
hashedPasswordFile = config.age.secrets.hashedPass.path; hashedPasswordFile = config.age.secrets.hashedPass.path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH" # laptop
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJjT5QZ3zRDb+V6Em20EYpSEgPW5e/U+06uQGJdraxi" # desktop
];
}; };
# used for deploying configs to server
users.users.root.openssh.authorizedKeys.keys =
config.users.users.${username}.openssh.authorizedKeys.keys;
# https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell # https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell
programs.fish.enable = true; programs.fish.enable = true;
programs.bash = { programs.bash = {

35
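--- a/services/ssh.nix
+++ b/services/ssh.nix
@@ -0,0 +1,35 @@
+{
+config,
+lib,
+pkgs,
+username,
+...
+}:
+{
+# Enable the OpenSSH daemon.
+services.openssh = {
+enable = true;
+settings = {
+AllowUsers = [
+username
+"root"
+];
+PasswordAuthentication = false;
+PermitRootLogin = "yes"; # for deploying configs
+};
+};
+systemd.tmpfiles.rules = [
+"Z /etc/ssh 755 root root"
+];
+users.users.${username}.openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH" # laptop
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJjT5QZ3zRDb+V6Em20EYpSEgPW5e/U+06uQGJdraxi" # desktop
+];
+# used for deploying configs to server
+users.users.root.openssh.authorizedKeys.keys =
+config.users.users.${username}.openssh.authorizedKeys.keys;
+}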
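Review bot: The new `systemd.tmpfiles.rules` entry `"Z /etc/ssh 755 root root"` uses the recursive `Z` type, so the mode and ownership are re-applied to everything below /etc/ssh and not only to the directory. NixOS keeps the sshd host private keys under that path by default, and they are expected to be readable by root only; a mode derived from 755 would leave them readable by every local user, and sshd may then refuse to load them. If the aim is only to repair the directory itself, the non-recursive form `"z /etc/ssh 0755 root root"` does that, and a short comment saying why the rule is needed would help the next reader. Separately, since `PasswordAuthentication = false` and root deploys rely on the authorized keys, `PermitRootLogin = "prohibit-password";` would state that intent more narrowly than `"yes"`.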