31 lines
617 B
Nix
31 lines
617 B
Nix
{ ... }:
|
|
{
|
|
flake.modules.nixos."ssh-agent-auth" = {
|
|
security.pam = {
|
|
sshAgentAuth.enable = true;
|
|
services.sudo.sshAgentAuth = true;
|
|
};
|
|
};
|
|
|
|
flake.modules.nixos.openssh =
|
|
{
|
|
config,
|
|
...
|
|
}:
|
|
let
|
|
isServer = config.meta.host.kind == "server";
|
|
hostUserNames = builtins.attrNames config.meta.host.users;
|
|
in
|
|
{
|
|
services.openssh = {
|
|
enable = true;
|
|
openFirewall = isServer;
|
|
settings = {
|
|
PermitRootLogin = "no";
|
|
PasswordAuthentication = false;
|
|
AllowUsers = hostUserNames;
|
|
};
|
|
};
|
|
};
|
|
}
|