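# NixOS module: opt-in sshd on a non-default port, key-only authentication,
# plus per-user client configuration and an agent autostart entry via
# home-manager. Enabled through `ssh.enable`.
{ lib, config, username, ... }:

let
  cfg = config.ssh;
  # Single source of truth for the sshd port; it feeds both the ListenAddress
  # entry and the Port directive below so the two cannot drift apart.
  sshPort = 15995;
in
{
  options = {
    ssh = {
      enable = lib.mkEnableOption "Enable ssh in NixOS";
    };
  };

  config = lib.mkIf cfg.enable {
    programs.ssh = {
      startAgent = true;
    };

    services.openssh = {
      enable = true;
      # Binds every IPv4 interface on the custom port. This ListenAddress entry
      # does not cover IPv6; add an "::" entry if that is wanted.
      listenAddresses = [
        {
          addr = "0.0.0.0";
          port = sshPort;
        }
      ];
      ports = [ sshPort ];
      settings = {
        # Only the configured user may log in; every other account is refused
        # before authentication is attempted.
        AllowUsers = [ username ];
        # Allow forwarding ports to everywhere: a client doing remote
        # forwarding (-R) may bind non-loopback addresses on this host, which
        # exposes the forwarded service to the network. Use "no" if that
        # exposure is not intended.
        GatewayPorts = "clientspecified";
        # Key-based authentication only: both interactive mechanisms are off.
        KbdInteractiveAuthentication = false;
        PasswordAuthentication = false;
        # Hybrid post-quantum KEX preferred, then X25519. DH group exchange is
        # deliberately left out (kept as the commented entry for reference).
        KexAlgorithms = [
          "sntrup761x25519-sha512@openssh.com"
          "curve25519-sha256"
          "curve25519-sha256@libssh.org"
          #"diffie-hellman-group-exchange-sha256"
        ];
        PermitRootLogin = "no";
        # Automatically remove stale sockets: an existing Unix-domain socket
        # file is unlinked before a forwarded socket is re-bound to it.
        StreamLocalBindUnlink = "yes";
        # Reverse-resolves client addresses on connect. It only adds value when
        # authorized_keys uses hostname-based "from=" restrictions and it slows
        # down logins; otherwise "false" is the usual choice.
        UseDns = true;
        # Permits X11 forwarding for clients that request it. Per sshd(8), a
        # compromised server can then reach the connecting client's display, so
        # keep this only if it is actually used.
        X11Forwarding = true;
      };
    };

    # `config` here is the home-manager user configuration, shadowing the
    # NixOS `config` from the outer scope.
    home-manager.users.${username} = { config, pkgs, ... }: {
      home.file = {
        desktop-entry-ssh-add = {
          enable = true;
          # Autostart entry that loads the user's key into the agent at login.
          # The key path is absolute: a desktop-entry Exec line gets no shell
          # expansion and its working directory is launcher-dependent, so a
          # relative ".ssh/id_ed25519" is not guaranteed to resolve.
          text = ''
            [Desktop Entry]
            Exec=ssh-add -q ${config.home.homeDirectory}/.ssh/id_ed25519
            Name=ssh-add
            Type=Application
          '';
          target = "${config.xdg.configHome}/autostart/ssh-add.desktop";
        };
      };

      home.packages = with pkgs; [ sshs ];

      programs.ssh = {
        enable = true;
        # Client-side host aliases. Hosts under *.home are reached as root, so
        # the matching private key is effectively a root credential for them.
        extraConfig = ''
          Host thalia
            HostName thalia
            User ${username}
            Port 6777

          Host orion
            HostName orion
            User ${username}
            Port 6777

          Host media
            HostName media.home
            User ryan
            Port 22

          Host proxmox
            HostName proxmox.home
            User root
            Port 22

          Host router
            HostName router.home
            User root
            Port 22
        '';
      };
    };
  };
}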