From dc325e22c408e0c51450a768b59c3d44e385e188 Mon Sep 17 00:00:00 2001
From: Daniel Langbein <daniel@systemli.org>
Date: Sat, 16 Sep 2023 12:14:53 +0200
Subject: [PATCH] split up ssh config

---
 hosts/yodaTab/configuration.nix     |  3 ++-
 hosts/yodaTux/configuration.nix     |  3 ++-
 hosts/yodaYoga/configuration.nix    |  3 ++-
 modules/{ssh.nix => ssh-client.nix} | 17 -----------------
 modules/ssh-server.nix              | 20 ++++++++++++++++++++
 5 files changed, 26 insertions(+), 20 deletions(-)
 rename modules/{ssh.nix => ssh-client.nix} (57%)
 create mode 100644 modules/ssh-server.nix

diff --git a/hosts/yodaTab/configuration.nix b/hosts/yodaTab/configuration.nix
index facfeb1..65e7d0e 100644
--- a/hosts/yodaTab/configuration.nix
+++ b/hosts/yodaTab/configuration.nix
@@ -39,7 +39,8 @@ in
       ../../modules/git.nix
       ../../modules/zsh.nix
       ../../modules/nitrokey-gpg-smartcard.nix
-      ../../modules/ssh.nix
+      ../../modules/ssh-client.nix
+      ../../modules/ssh-server.nix
       ../../modules/firefox.nix
       ../../modules/thunderbird.nix
       #../../modules/digikam.nix
diff --git a/hosts/yodaTux/configuration.nix b/hosts/yodaTux/configuration.nix
index 9e7d913..8204081 100644
--- a/hosts/yodaTux/configuration.nix
+++ b/hosts/yodaTux/configuration.nix
@@ -39,7 +39,8 @@ in
       ../../modules/git.nix
       ../../modules/zsh.nix
       ../../modules/nitrokey-gpg-smartcard.nix
-      ../../modules/ssh.nix
+      ../../modules/ssh-client.nix
+      ../../modules/ssh-server.nix
       ../../modules/firefox.nix
       ../../modules/thunderbird.nix
       ../../modules/digikam.nix
diff --git a/hosts/yodaYoga/configuration.nix b/hosts/yodaYoga/configuration.nix
index 23b3bdf..a17de13 100644
--- a/hosts/yodaYoga/configuration.nix
+++ b/hosts/yodaYoga/configuration.nix
@@ -41,7 +41,8 @@ in
       #../../modules/git.nix
       ../../modules/zsh.nix
       #../../modules/nitrokey-gpg-smartcard.nix
-      ../../modules/ssh.nix
+      #../../modules/ssh-client.nix
+      ../../modules/ssh-server.nix
       #../../modules/firefox.nix
       #../../modules/thunderbird.nix
       #../../modules/digikam.nix
diff --git a/modules/ssh.nix b/modules/ssh-client.nix
similarity index 57%
rename from modules/ssh.nix
rename to modules/ssh-client.nix
index d122e04..06e37dd 100644
--- a/modules/ssh.nix
+++ b/modules/ssh-client.nix
@@ -1,23 +1,6 @@
 { config, pkgs, ... }:
 
 {
-  # Enable SSH server.
-  services.openssh = {
-    enable = true;
-    #ports = [ 22 ];
-    # Forbid root login through SSH.
-    settings.PermitRootLogin = "no";
-    # Use authorized keys only.
-    settings.PasswordAuthentication = false;
-  };
-
-  # SSH public key(s) allowed to connect via SSH.
-  users.users.yoda = {
-    openssh.authorizedKeys.keys = [
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpgihAg8Qzu5q+AGXHLR7p+rrS1yB0KlZb/Y/EwZT15EhEtsUMqBMRiY0TdjKQU0broyygZnymccLmCXvihEgk3zk/hP8VEDmN5wmE2tRBPR4lSjo8E1R8N79G+gaFkwi93QYh57MsGfa9k4tvGrJy0yaD7GrPqtQf+IIuvV14WJQAqnikTdbFqRjk5JGearYLU7jSKa+9NmR7JQ9NExoyIPgmQ/pd0Xc2qt8k5UGfz3HM9MAmIVQ30whK6m1iYZ8nxEidHrfreQx8NOa7ujo4zQnV1NYvRUjObr/qyIhPU6DYLT2mVRNupQFKx6LI38O4U13heugUFqJ3zvog3aDsriFiv8jzJAJvWXx7Q3TqKhqiG9VTkwBw1NDbCAOXKiEdMfiCYbdCfpNgdepU75bMloJcSQQVUqoH2tQhSbwKLuRFgOnyaHpvWbieXBRcUnfG8gg4p4jqiwx5laweEeOIOD/i7G1Mjx7Dj2ctnT/ILat/xsf+Y0W4eJr3bc5L9ghgw6wsKbNSqwjFUCFcHcARK3gvSH+hO2/BpgMVoyvZjO5PNuUqfsZ7bIIs5cDdyB/ly3irKuaRz1+3x1x4gPgSiOcji7HxPwogzhPsyfoRLHNt9tJ5X4nF2Iz1M5RTJpbZCi6yEj+9Q85FVjD76BEWuZe18kRrwhuLf/XgKdF9tQ== openpgp:0xA8B75370"
-    ];
-  };
-
   home-manager.users.yoda = { osConfig, config, pkgs, ... }: {
 
     # SSH client configuration.
diff --git a/modules/ssh-server.nix b/modules/ssh-server.nix
new file mode 100644
index 0000000..4ea7c66
--- /dev/null
+++ b/modules/ssh-server.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }:
+
+{
+  # Enable SSH server.
+  services.openssh = {
+    enable = true;
+    #ports = [ 22 ];
+    # Forbid root login through SSH.
+    settings.PermitRootLogin = "no";
+    # Use authorized keys only.
+    settings.PasswordAuthentication = false;
+  };
+
+  # SSH public key(s) allowed to connect via SSH.
+  users.users.yoda = {
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpgihAg8Qzu5q+AGXHLR7p+rrS1yB0KlZb/Y/EwZT15EhEtsUMqBMRiY0TdjKQU0broyygZnymccLmCXvihEgk3zk/hP8VEDmN5wmE2tRBPR4lSjo8E1R8N79G+gaFkwi93QYh57MsGfa9k4tvGrJy0yaD7GrPqtQf+IIuvV14WJQAqnikTdbFqRjk5JGearYLU7jSKa+9NmR7JQ9NExoyIPgmQ/pd0Xc2qt8k5UGfz3HM9MAmIVQ30whK6m1iYZ8nxEidHrfreQx8NOa7ujo4zQnV1NYvRUjObr/qyIhPU6DYLT2mVRNupQFKx6LI38O4U13heugUFqJ3zvog3aDsriFiv8jzJAJvWXx7Q3TqKhqiG9VTkwBw1NDbCAOXKiEdMfiCYbdCfpNgdepU75bMloJcSQQVUqoH2tQhSbwKLuRFgOnyaHpvWbieXBRcUnfG8gg4p4jqiwx5laweEeOIOD/i7G1Mjx7Dj2ctnT/ILat/xsf+Y0W4eJr3bc5L9ghgw6wsKbNSqwjFUCFcHcARK3gvSH+hO2/BpgMVoyvZjO5PNuUqfsZ7bIIs5cDdyB/ly3irKuaRz1+3x1x4gPgSiOcji7HxPwogzhPsyfoRLHNt9tJ5X4nF2Iz1M5RTJpbZCi6yEj+9Q85FVjD76BEWuZe18kRrwhuLf/XgKdF9tQ== openpgp:0xA8B75370"
+    ];
+  };
+}