tux/nix-config
1
0
Fork 0
mirror of https://github.com/tuxdotrs/nix-config.git synced 2026-05-07 02:16:33 +05:30
Code Issues Actions Packages Projects Releases Wiki Activity

refactor: ssh config

Browse Source
This commit is contained in:
tux
2026-05-06 21:22:24 +05:30
parent 98298fb8e3
commit e03c72552e
2 changed files with 71 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
modules/hosts/sirius/config.nix
View File

@@ -11,7 +11,12 @@
}: }:
{ {
imports = with config.flake.modules.nixos; [ desktop ]; imports = with config.flake.modules.nixos; [
networking
desktop
];
tnix.services.openssh.enable = true;
# --- Boot --- # --- Boot ---
boot = { boot = {
@@ -62,41 +67,6 @@
services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.videoDrivers = [ "nvidia" ];
# --- SSH ---
services.openssh = {
enable = true;
startWhenNeeded = true;
allowSFTP = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
AuthenticationMethods = "publickey";
PubkeyAuthentication = "yes";
UsePAM = false;
UseDns = false;
X11Forwarding = false;
ClientAliveCountMax = 5;
ClientAliveInterval = 60;
KexAlgorithms = [
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group16-sha512"
"diffie-hellman-group18-sha512"
"sntrup761x25519-sha512@openssh.com"
"diffie-hellman-group-exchange-sha256"
"mlkem768x25519-sha256"
"sntrup761x25519-sha512"
];
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
];
};
};
# --- Programs --- # --- Programs ---
programs.firefox.enable = true; programs.firefox.enable = true;

65
modules/nixos/networking/ssh.nix Normal file
View File

@@ -0,0 +1,65 @@
{
flake.modules.nixos.networking =
{
config,
lib,
...
}:
with lib;
let
cfg = config.tnix.services.openssh;
in
{
options.tnix.services.openssh = {
enable = mkEnableOption "Enable OpenSSH server";
ports = mkOption {
type = types.listOf types.port;
default = [ 22 ];
description = ''
Specifies on which ports the SSH daemon listens.
'';
};
};
config = mkIf cfg.enable {
programs.ssh.startAgent = true;
services.openssh = {
enable = true;
startWhenNeeded = true;
allowSFTP = true;
ports = cfg.ports;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
AuthenticationMethods = "publickey";
PubkeyAuthentication = "yes";
ChallengeResponseAuthentication = "no";
UsePAM = false;
UseDns = false;
X11Forwarding = false;
KexAlgorithms = [
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group16-sha512"
"diffie-hellman-group18-sha512"
"sntrup761x25519-sha512@openssh.com"
"diffie-hellman-group-exchange-sha256"
"mlkem768x25519-sha256"
"sntrup761x25519-sha512"
];
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
];
ClientAliveCountMax = 5;
ClientAliveInterval = 60;
};
};
};
};
}