refactor ssh

hosts/yodaTab/configuration.nix

@@ -32,7 +32,8 @@ in
       #../../modules/gnome-fractional-scaling.nix
       ../../modules/git.nix
       ../../modules/zsh.nix
-      ../../modules/nitrokey-ssh-gpg.nix
+      ../../modules/nitrokey-gpg-smartcard.nix
+      ../../modules/ssh.nix
       ../../modules/firefox.nix
       ../../modules/thunderbird.nix
     ];

hosts/yodaTux/configuration.nix

@@ -32,7 +32,8 @@ in
       ../../modules/gnome-fractional-scaling.nix
       ../../modules/git.nix
       ../../modules/zsh.nix
-      ../../modules/nitrokey-ssh-gpg.nix
+      ../../modules/nitrokey-gpg-smartcard.nix
+      ../../modules/ssh.nix
       ../../modules/firefox.nix
       ../../modules/thunderbird.nix
     ];

modules/base.nix

@@ -83,10 +83,6 @@
   users.users.yoda = {
     isNormalUser = true;
     description = "Yoda";
-    # SSH public key(s) to connect via SSH
-    openssh.authorizedKeys.keys = [
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpgihAg8Qzu5q+AGXHLR7p+rrS1yB0KlZb/Y/EwZT15EhEtsUMqBMRiY0TdjKQU0broyygZnymccLmCXvihEgk3zk/hP8VEDmN5wmE2tRBPR4lSjo8E1R8N79G+gaFkwi93QYh57MsGfa9k4tvGrJy0yaD7GrPqtQf+IIuvV14WJQAqnikTdbFqRjk5JGearYLU7jSKa+9NmR7JQ9NExoyIPgmQ/pd0Xc2qt8k5UGfz3HM9MAmIVQ30whK6m1iYZ8nxEidHrfreQx8NOa7ujo4zQnV1NYvRUjObr/qyIhPU6DYLT2mVRNupQFKx6LI38O4U13heugUFqJ3zvog3aDsriFiv8jzJAJvWXx7Q3TqKhqiG9VTkwBw1NDbCAOXKiEdMfiCYbdCfpNgdepU75bMloJcSQQVUqoH2tQhSbwKLuRFgOnyaHpvWbieXBRcUnfG8gg4p4jqiwx5laweEeOIOD/i7G1Mjx7Dj2ctnT/ILat/xsf+Y0W4eJr3bc5L9ghgw6wsKbNSqwjFUCFcHcARK3gvSH+hO2/BpgMVoyvZjO5PNuUqfsZ7bIIs5cDdyB/ly3irKuaRz1+3x1x4gPgSiOcji7HxPwogzhPsyfoRLHNt9tJ5X4nF2Iz1M5RTJpbZCi6yEj+9Q85FVjD76BEWuZe18kRrwhuLf/XgKdF9tQ== openpgp:0xA8B75370"
-    ];
     extraGroups = [ "networkmanager" "wheel" ];
     packages = with pkgs; [
       # Nix dependency management.

modules/nitrokey-gpg-smartcard.nix

@@ -1,15 +1,6 @@
 { config, pkgs, ... }:
 
 {
-  # Enable SSH server.
-  services.openssh = {
-    enable = true;
-    # Forbid root login through SSH.
-    settings.PermitRootLogin = "no";
-    # Use authorized keys only.
-    settings.PasswordAuthentication = false;
-  };
-
   # Use NitroKey USB smartcard with SSH.
   # https://nixos.wiki/wiki/Nitrokey
 
@@ -111,25 +102,6 @@
   services.pcscd.enable = true;
 
   home-manager.users.yoda = { osConfig, config, pkgs, ... }: {
-    # SSH configuration.
-    programs.ssh = {
-      enable = true;
-      userKnownHostsFile = "~/.ssh/known_hosts ${../assets/ssh/known_hosts}";
-      matchBlocks = {
-        "nas" = {
-          hostname = "p1st.de";
-          user = "yoda";
-          port = 2222;
-          compression = true;
-        };
-        "rootnas" = {
-          hostname = "p1st.de";
-          user = "root";
-          port = 2222;
-          compression = true;
-        };
-      };
-    };
 
     # GnuPG configuration.
     # Examples:
@@ -156,5 +128,6 @@
         }
       ];
     };
+
   };
 }

modules/ssh.nix

@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+
+{
+  # Enable SSH server.
+  services.openssh = {
+    enable = true;
+    # Forbid root login through SSH.
+    settings.PermitRootLogin = "no";
+    # Use authorized keys only.
+    settings.PasswordAuthentication = false;
+  };
+
+  # SSH public key(s) allowed to connect via SSH.
+  users.users.yoda = {
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpgihAg8Qzu5q+AGXHLR7p+rrS1yB0KlZb/Y/EwZT15EhEtsUMqBMRiY0TdjKQU0broyygZnymccLmCXvihEgk3zk/hP8VEDmN5wmE2tRBPR4lSjo8E1R8N79G+gaFkwi93QYh57MsGfa9k4tvGrJy0yaD7GrPqtQf+IIuvV14WJQAqnikTdbFqRjk5JGearYLU7jSKa+9NmR7JQ9NExoyIPgmQ/pd0Xc2qt8k5UGfz3HM9MAmIVQ30whK6m1iYZ8nxEidHrfreQx8NOa7ujo4zQnV1NYvRUjObr/qyIhPU6DYLT2mVRNupQFKx6LI38O4U13heugUFqJ3zvog3aDsriFiv8jzJAJvWXx7Q3TqKhqiG9VTkwBw1NDbCAOXKiEdMfiCYbdCfpNgdepU75bMloJcSQQVUqoH2tQhSbwKLuRFgOnyaHpvWbieXBRcUnfG8gg4p4jqiwx5laweEeOIOD/i7G1Mjx7Dj2ctnT/ILat/xsf+Y0W4eJr3bc5L9ghgw6wsKbNSqwjFUCFcHcARK3gvSH+hO2/BpgMVoyvZjO5PNuUqfsZ7bIIs5cDdyB/ly3irKuaRz1+3x1x4gPgSiOcji7HxPwogzhPsyfoRLHNt9tJ5X4nF2Iz1M5RTJpbZCi6yEj+9Q85FVjD76BEWuZe18kRrwhuLf/XgKdF9tQ== openpgp:0xA8B75370"
+    ];
+  };
+
+  home-manager.users.yoda = { osConfig, config, pkgs, ... }: {
+
+    # SSH client configuration.
+    programs.ssh = {
+      enable = true;
+      userKnownHostsFile = "~/.ssh/known_hosts ${../assets/ssh/known_hosts}";
+      matchBlocks = {
+        "nas" = {
+          hostname = "p1st.de";
+          user = "yoda";
+          port = 2222;
+          compression = true;
+        };
+        "rootnas" = {
+          hostname = "p1st.de";
+          user = "root";
+          port = 2222;
+          compression = true;
+        };
+      };
+    };
+
+  };
+}