refactor: ssh config

2026-05-07 02:16:33 +05:30 · 2026-05-06 21:22:24 +05:30
parent 98298fb8e3
commit e03c72552e
2 changed files with 71 additions and 36 deletions
--- a/modules/hosts/sirius/config.nix
+++ b/modules/hosts/sirius/config.nix
@@ -11,7 +11,12 @@
    }:
    {

-      imports = with config.flake.modules.nixos; [ desktop ];
+      imports = with config.flake.modules.nixos; [
+        networking
+        desktop
+      ];
+
+      tnix.services.openssh.enable = true;

      # --- Boot ---
      boot = {
@@ -62,41 +67,6 @@

      services.xserver.videoDrivers = [ "nvidia" ];

-      # --- SSH ---
-      services.openssh = {
-        enable = true;
-        startWhenNeeded = true;
-        allowSFTP = true;
-        settings = {
-          PermitRootLogin = "no";
-          PasswordAuthentication = false;
-          KbdInteractiveAuthentication = false;
-          AuthenticationMethods = "publickey";
-          PubkeyAuthentication = "yes";
-          UsePAM = false;
-          UseDns = false;
-          X11Forwarding = false;
-          ClientAliveCountMax = 5;
-          ClientAliveInterval = 60;
-
-          KexAlgorithms = [
-            "curve25519-sha256"
-            "curve25519-sha256@libssh.org"
-            "diffie-hellman-group16-sha512"
-            "diffie-hellman-group18-sha512"
-            "sntrup761x25519-sha512@openssh.com"
-            "diffie-hellman-group-exchange-sha256"
-            "mlkem768x25519-sha256"
-            "sntrup761x25519-sha512"
-          ];
-          Macs = [
-            "hmac-sha2-512-etm@openssh.com"
-            "hmac-sha2-256-etm@openssh.com"
-            "umac-128-etm@openssh.com"
-          ];
-        };
-      };
-
      # --- Programs ---
      programs.firefox.enable = true;