98 lines
2.2 KiB
Nix
98 lines
2.2 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
username,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.ssh;
|
|
in
|
|
{
|
|
options = {
|
|
ssh = {
|
|
enable = lib.mkEnableOption "Enable ssh in NixOS";
|
|
};
|
|
};
|
|
config = lib.mkIf cfg.enable {
|
|
programs.ssh = {
|
|
startAgent = true;
|
|
};
|
|
services.openssh = {
|
|
enable = true;
|
|
listenAddresses = [
|
|
{
|
|
addr = "0.0.0.0";
|
|
port = 15995;
|
|
}
|
|
];
|
|
ports = [ 15995 ];
|
|
settings = {
|
|
AllowUsers = [ "${username}" ];
|
|
# Allow forwarding ports to everywhere
|
|
GatewayPorts = "clientspecified";
|
|
KbdInteractiveAuthentication = false;
|
|
KexAlgorithms = [
|
|
"sntrup761x25519-sha512@openssh.com"
|
|
"curve25519-sha256"
|
|
"curve25519-sha256@libssh.org"
|
|
#"diffie-hellman-group-exchange-sha256"
|
|
];
|
|
PasswordAuthentication = false;
|
|
PermitRootLogin = "no";
|
|
# Automatically remove stale sockets
|
|
StreamLocalBindUnlink = "yes";
|
|
UseDns = true;
|
|
X11Forwarding = true;
|
|
};
|
|
};
|
|
home-manager.users.${username} =
|
|
{ config, pkgs, ... }:
|
|
{
|
|
home.file = {
|
|
desktop-entry-ssh-add = {
|
|
enable = true;
|
|
text = ''
|
|
[Desktop Entry]
|
|
Exec=ssh-add -q .ssh/id_ed25519
|
|
Name=ssh-add
|
|
Type=Application
|
|
'';
|
|
target = "${config.xdg.configHome}/autostart/ssh-add.desktop";
|
|
};
|
|
};
|
|
home.packages = with pkgs; [ sshs ];
|
|
programs.ssh = {
|
|
enable = true;
|
|
extraConfig = ''
|
|
Host thalia
|
|
HostName thalia
|
|
User ${username}
|
|
Port 6777
|
|
Host orion
|
|
HostName orion
|
|
User ${username}
|
|
Port 6777
|
|
Host media
|
|
HostName media.home
|
|
User ryan
|
|
Port 22
|
|
Host proxmox
|
|
HostName proxmox.home
|
|
User root
|
|
Port 22
|
|
Host router
|
|
HostName router.home
|
|
User root
|
|
Port 22
|
|
'';
|
|
};
|
|
};
|
|
|
|
users.users.${username}.openssh.authorizedKeys.keyFiles = [
|
|
./authorized_keys
|
|
];
|
|
|
|
|
|
};
|
|
}
|