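# NixOS module: OpenSSH server hardening plus the user's ssh client config
# (home-manager). Enabled via `ssh.enable`.
{ lib, config, username, ... }:
let
  cfg = config.ssh;
in
{
  options = {
    ssh = {
      enable = lib.mkEnableOption "Enable ssh in NixOS";
    };
  };

  config = lib.mkIf cfg.enable {
    programs.ssh = {
      startAgent = true;
    };

    services.openssh = {
      enable = true;
      # Bound on every IPv4 interface. Narrow `addr` if this host has a
      # management interface that should be the only SSH entry point.
      listenAddresses = [
        { addr = "0.0.0.0"; port = 15995; }
      ];
      # Kept in sync with listenAddresses; `ports` is what the firewall
      # integration reads, `listenAddresses` is what sshd binds.
      ports = [ 15995 ];

      settings = {
        # Only this account may authenticate, regardless of key material
        # present in other users' authorized_keys.
        AllowUsers = [ "${username}" ];
        # Allow forwarding ports to everywhere
        # "clientspecified" lets an authenticated client bind remote
        # forwards (-R) to non-loopback addresses, exposing them to the
        # network. Bounded by AllowUsers above; review before adding users.
        GatewayPorts = "clientspecified";
        KbdInteractiveAuthentication = false;
        KexAlgorithms = [
          "sntrup761x25519-sha512@openssh.com"
          "curve25519-sha256"
          "curve25519-sha256@libssh.org"
          #"diffie-hellman-group-exchange-sha256"
        ];
        # Key-only authentication: both password paths are closed.
        PasswordAuthentication = false;
        PermitRootLogin = "no";
        # Automatically remove stale sockets
        StreamLocalBindUnlink = "yes";
        # Reverse-resolves each client address before auth. Adds latency per
        # login and only matters if host-name patterns are used in
        # AllowUsers or `from=` key restrictions; a candidate for `false`.
        UseDns = true;
        # Forwarded X11 exposes the client's display to the remote host's
        # X clients; keep off on hosts that never need it.
        X11Forwarding = true;
      };
    };

    # Inner `config` is the home-manager config for this user (shadows the
    # NixOS `config` above on purpose, for xdg.configHome / home.homeDirectory).
    home-manager.users.${username} = { config, pkgs, ... }: {
      home.file = {
        desktop-entry-ssh-add = {
          enable = true;
          # Absolute key path: an autostart entry is not guaranteed to run with
          # $HOME as its working directory, and Desktop Entry `Exec` does not
          # expand `~` or `$HOME`, so a relative `.ssh/...` path may miss.
          text = ''
            [Desktop Entry]
            Exec=ssh-add -q ${config.home.homeDirectory}/.ssh/id_ed25519
            Name=ssh-add
            Type=Application
          '';
          target = "${config.xdg.configHome}/autostart/ssh-add.desktop";
        };
      };

      home.packages = with pkgs; [ sshs ];

      programs.ssh = {
        enable = true;
        extraConfig = ''
          Host thalia
            HostName thalia
            User ${username}
            Port 6777

          Host orion
            HostName orion
            User ${username}
            Port 6777

          Host media
            HostName media.home
            User ryan
            Port 22

          Host proxmox
            HostName proxmox.home
            User root
            Port 22

          Host router
            HostName router.home
            User root
            Port 22

          Host ryanpandya
            HostName 152.53.83.167
            User ryan
            Port 15995
        '';
      };
    };

    # Keys are read from the repo file rather than inlined, so the set of
    # trusted public keys is reviewable in version control.
    users.users.${username}.openssh.authorizedKeys.keyFiles = [ ./authorized_keys ];
  };
}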