refactor: seperate module for openssh

2025-07-06 13:06:35 +05:30 · 2025-02-22 08:11:40 +05:30
parent 0cd6576cdf
commit f2fbb6c47d
10 changed files with 87 additions and 22 deletions
--- a/hosts/alpha/default.nix
+++ b/hosts/alpha/default.nix
@ -13,6 +13,8 @@
    ../../modules/nixos/upstream-proxy.nix
  ];

+  tux.services.openssh.enable = true;
+
  sops.secrets = {
    borg_encryption_key = {
      sopsFile = ./secrets.yaml;
--- a/hosts/arcturus/default.nix
+++ b/hosts/arcturus/default.nix
@ -32,6 +32,8 @@
    ../../modules/nixos/containers/cs2.nix
  ];

+  tux.services.openssh.enable = true;
+
  sops.secrets = {
    borg_encryption_key = {
      sopsFile = ./secrets.yaml;
--- a/hosts/canopus/default.nix
+++ b/hosts/canopus/default.nix
@ -21,6 +21,8 @@
    ../../modules/nixos/steam.nix
  ];

+  tux.services.openssh.enable = true;
+
  nixpkgs.config.cudaSupport = true;

  sops.secrets = {
--- a/hosts/capella/default.nix
+++ b/hosts/capella/default.nix
@ -15,6 +15,8 @@
    ../../modules/nixos/containers/cs2.nix
  ];

+  tux.services.openssh.enable = true;
+
  sops.secrets = {
    "cs2_secrets/SRCDS_TOKEN" = {
      sopsFile = ./secrets.yaml;
--- a/hosts/common/default.nix
+++ b/hosts/common/default.nix
@ -3,21 +3,17 @@
  username,
  outputs,
  config,
-  lib,
  inputs,
  email,
  ...
-}: let
-  # Sops needs acess to the keys before the persist dirs are even mounted; so
-  # just persisting the keys won't work, we must point at /persist
-  hasOptinPersistence = config.environment.persistence."/persist".enable;
-in {
+}: {
  imports = [
    inputs.impermanence.nixosModules.impermanence
    inputs.home-manager.nixosModules.home-manager

    ../../modules/nixos/fail2ban.nix
    ../../modules/nixos/sops.nix
+    ../../modules/nixos/networking/ssh.nix
  ];

  sops.secrets.tux-password = {
@ -98,22 +94,6 @@ in {
    };
  };

-  services = {
-    openssh = {
-      enable = true;
-      settings = {
-        PasswordAuthentication = false;
-      };
-
-      hostKeys = [
-        {
-          path = "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key";
-          type = "ed25519";
-        }
-      ];
-    };
-  };
-
  users = {
    mutableUsers = false;
    defaultUserShell = pkgs.zsh;
--- a/hosts/homelab/default.nix
+++ b/hosts/homelab/default.nix
@ -19,6 +19,8 @@
    ../../modules/nixos/cyber-tux.nix
  ];

+  tux.services.openssh.enable = true;
+
  sops.secrets = {
    discord_token = {
      sopsFile = ./secrets.yaml;
--- a/hosts/sirius/default.nix
+++ b/hosts/sirius/default.nix
@ -12,6 +12,8 @@
    ../../modules/nixos/virtualisation/docker.nix
  ];

+  tux.services.openssh.enable = true;
+
  boot.binfmt.emulatedSystems = ["aarch64-linux"];

  nixpkgs = {
--- a/hosts/vega/default.nix
+++ b/hosts/vega/default.nix
@ -10,6 +10,8 @@
    ../../modules/nixos/adguard.nix
  ];

+  tux.services.openssh.enable = true;
+
  boot.initrd.availableKernelModules = [
    "usbhid"
    "usb_storage"
--- a/hosts/vps/default.nix
+++ b/hosts/vps/default.nix
@ -14,6 +14,8 @@
    ../common
  ];

+  tux.services.openssh.enable = true;
+
  nixpkgs = {
    hostPlatform = "x86_64-linux";
  };