Add sshd module

2026-03-27 20:46:55 +00:00
parent 83770fa529
commit abc6d28f4e
2 changed files with 17 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -27,6 +27,7 @@
        nix-gc = import ./modules/nix-gc.nix;
        futureware = import ./modules/futureware.nix;
        tools = import ./modules/tools.nix;
+        sshd = import ./modules/sshd.nix;
      };

      lib.pre-commit = import ./pre-commit.nix;
--- a/modules/sshd.nix
+++ b/modules/sshd.nix
@@ -0,0 +1,16 @@
+_: {
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+    hostKeys = [
+      # Generate a key if it's missing, which is normal at first boot, but can
+      # also be a TPM failure for PCs with a TPM.
+      # Do not generate an RSA key.
+      {
+        path = "/etc/ssh/ssh_host_ed25519_key";
+        type = "ed25519";
+      }
+    ];
+  };
+}