nix-git/modules/ssh-server.nix

{ config, pkgs, ... }:
{
  # Enable SSH server.
  services.openssh = {
    enable = true;
    ports = (
      if (config.networking.hostName == "yodaTux") || (config.networking.hostName == "yodaTab") || (config.networking.hostName == "yodaGaming")
        then [22]
      else if (config.networking.hostName == "yodaYoga")
        then [2224]
      else if (config.networking.hostName == "yodaNas")
        then [2222]
      else if (config.networking.hostName == "yodaHedgehog")
        then [2226]
      else throw "Please add ssh port here"
    );
    # Use authorized keys only.
    settings.PasswordAuthentication = false;
    # Enabling this is required for commands such as sftp and sshfs.
    allowSFTP = false;
  };

  # SSH public key(s) allowed to connect via SSH.
  users.users."yoda".openssh.authorizedKeys.keys = [
    (builtins.readFile ../assets/ssh/nitrokey.pub)
  ];
  users.users."root".openssh.authorizedKeys.keys = [
    (builtins.readFile ../assets/ssh/nitrokey.pub)
  ] ++ (
    if (config.networking.hostName == "yodaNas")
    then [(builtins.readFile ../assets/ssh/hedgehog.pub)]
    else []
  );
}
split up ssh config 2023-09-16 12:14:53 +02:00			`{ config, pkgs, ... }:`
			`{`
			`# Enable SSH server.`
			`services.openssh = {`
			`enable = true;`
refactor and add yodaNas [WIP] 2023-09-23 18:36:27 +02:00			`ports = (`
add host yodaGaming 2024-02-06 16:48:22 +01:00			`if (config.networking.hostName == "yodaTux") \|\| (config.networking.hostName == "yodaTab") \|\| (config.networking.hostName == "yodaGaming")`
refactor and add yodaNas [WIP] 2023-09-23 18:36:27 +02:00			`then [22]`
refactor and add yodaNas [WIP] 2023-09-23 19:15:54 +02:00			`else if (config.networking.hostName == "yodaYoga")`
refactor and add yodaNas [WIP] 2023-09-23 18:36:27 +02:00			`then [2224]`
refactor and add yodaNas [WIP] 2023-09-23 19:15:54 +02:00			`else if (config.networking.hostName == "yodaNas")`
refactor and add yodaNas [WIP] 2023-09-23 18:36:27 +02:00			`then [2222]`
add yodaHedgehog 2023-11-03 15:23:05 +01:00			`else if (config.networking.hostName == "yodaHedgehog")`
			`then [2226]`
refactor and add yodaNas [WIP] 2023-09-23 18:36:27 +02:00			`else throw "Please add ssh port here"`
			`);`
split up ssh config 2023-09-16 12:14:53 +02:00			`# Use authorized keys only.`
			`settings.PasswordAuthentication = false;`
ssh config 2023-09-17 15:34:38 +02:00			`# Enabling this is required for commands such as sftp and sshfs.`
			`allowSFTP = false;`
split up ssh config 2023-09-16 12:14:53 +02:00			`};`

			`# SSH public key(s) allowed to connect via SSH.`
add yodaHedgehog 2023-11-03 15:23:05 +01:00			`users.users."yoda".openssh.authorizedKeys.keys = [`
ssh config 2023-09-17 16:45:02 +02:00			`(builtins.readFile ../assets/ssh/nitrokey.pub)`
			`];`
add yodaHedgehog 2023-11-03 15:23:05 +01:00			`users.users."root".openssh.authorizedKeys.keys = [`
ssh config 2023-09-17 16:45:02 +02:00			`(builtins.readFile ../assets/ssh/nitrokey.pub)`
ssh config 2023-09-27 20:12:19 +02:00			`] ++ (`
			`if (config.networking.hostName == "yodaNas")`
ssh config (nas and hedgehog) 2023-11-18 13:01:18 +01:00			`then [(builtins.readFile ../assets/ssh/hedgehog.pub)]`
ssh config 2023-09-27 20:12:19 +02:00			`else []`
			`);`
split up ssh config 2023-09-16 12:14:53 +02:00			`}`