57 lines
1.5 KiB
Nix
57 lines
1.5 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
|
|
cfg = config.profiles.clerie.common-ssh;
|
|
|
|
knownHostsFiles = [
|
|
"/etc/ssh/ssh_known_hosts"
|
|
] ++ cfg.knownHostsFiles;
|
|
|
|
in {
|
|
|
|
options.profiles.clerie.common-ssh = {
|
|
enable = mkEnableOption "Common ssh config";
|
|
knownHostsFiles = mkOption {
|
|
type = with types; listOf str;
|
|
default = [];
|
|
description = "List of paths to ssh known hosts files";
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
|
|
assertions = [
|
|
{
|
|
assertion = config.programs.ssh.knownHostsFiles == [];
|
|
message = "profiles.clerie.common-ssh sets a custom set of global known hosts file that is incompatible with the settings from the official NixOS module, use profiles.clerie.common-ssh.knownHostsFiles instead";
|
|
}
|
|
];
|
|
|
|
services.openssh.enable = true;
|
|
services.openssh.settings = {
|
|
PasswordAuthentication = false;
|
|
KbdInteractiveAuthentication = false;
|
|
PermitRootLogin = lib.mkDefault "no";
|
|
};
|
|
services.openssh.hostKeys = lib.mkForce [
|
|
# Only create ed25519 host keys
|
|
{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
|
|
];
|
|
|
|
profiles.clerie.common-ssh.knownHostsFiles = [
|
|
(pkgs.clerie-ssh-known-hosts + "/known_hosts")
|
|
(pkgs.fem-ssh-known-hosts + "/known_hosts")
|
|
(pkgs.well-known-ssh-known-hosts + "/known_hosts")
|
|
];
|
|
|
|
programs.ssh.extraConfig = ''
|
|
Host *
|
|
GlobalKnownHostsFile ${builtins.concatStringsSep " " knownHostsFiles}
|
|
'';
|
|
|
|
};
|
|
}
|