2023-09-16 12:14:53 +02:00
|
|
|
{ config, pkgs, ... }:
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
# Enable SSH server.
|
|
|
|
|
services.openssh = {
|
|
|
|
|
enable = true;
|
2023-09-23 18:36:27 +02:00
|
|
|
ports = (
|
|
|
|
|
if (config.networking.hostname == "yodaTux") || (config.networking.hostname == "yodaTab")
|
|
|
|
|
then [22]
|
|
|
|
|
else if (config.networking.hostname == "yodaYoga")
|
|
|
|
|
then [2224]
|
|
|
|
|
else if (config.networking.hostname == "yodaNas")
|
|
|
|
|
then [2222]
|
|
|
|
|
else throw "Please add ssh port here"
|
|
|
|
|
);
|
2023-09-16 12:14:53 +02:00
|
|
|
# Use authorized keys only.
|
|
|
|
|
settings.PasswordAuthentication = false;
|
2023-09-17 16:36:30 +02:00
|
|
|
settings.PermitRootLogin = "prohibit-password";
|
2023-09-17 15:34:38 +02:00
|
|
|
# Enabling this is required for commands such as sftp and sshfs.
|
|
|
|
|
allowSFTP = false;
|
2023-09-16 12:14:53 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# SSH public key(s) allowed to connect via SSH.
|
2023-09-17 16:45:02 +02:00
|
|
|
users.users.yoda.openssh.authorizedKeys.keys = [
|
|
|
|
|
(builtins.readFile ../assets/ssh/nitrokey.pub)
|
|
|
|
|
];
|
|
|
|
|
users.users.root.openssh.authorizedKeys.keys = [
|
|
|
|
|
(builtins.readFile ../assets/ssh/nitrokey.pub)
|
|
|
|
|
];
|
2023-09-16 12:14:53 +02:00
|
|
|
}
|
