modules/ssh.nix at master · ryan.freumh.org/nixos

ryan.freumh.org / nixos
btw i use nix
nixos / modules / ssh.nix
at master 1.3 kB view raw
 1{
 2  pkgs,
 3  config,
 4  lib,
 5  ...
 6}:
 7
 8let
 9  cfg = config.custom;
10in
11{
12  config = lib.mkIf cfg.enable {
13    users.mutableUsers = false;
14    users.users.${config.custom.username}.openssh.authorizedKeys.keyFiles = [ ./authorized_keys ];
15    users.users.root.openssh.authorizedKeys.keyFiles = [ ./authorized_keys ];
16
17    programs.mosh.enable = true;
18    services.openssh = {
19      enable = true;
20      openFirewall = lib.mkDefault false;
21      settings = {
22        PermitRootLogin = "yes";
23        PasswordAuthentication = false;
24      };
25    };
26
27    programs.ssh.extraConfig = ''
28      Host pixel-7a*
29        User nix-on-droid
30        Port 9022
31
32      Host slogin
33        User rtg24
34        Hostname slogin-serv.cl.cam.ac.uk
35
36      Host l41
37        User root
38        Hostname rpi4-013.advopsys.cl.cam.ac.uk
39        IdentityFile ~/.ssh/id_rsa_rpi4-013.advopsys.cl.cam.ac.uk
40        ProxyJump rtg24@slogin-serv.cl.cam.ac.uk
41        ForwardAgent yes
42
43      Host remarkable2*
44        PubkeyAcceptedKeyTypes +ssh-rsa
45        HostKeyAlgorithms +ssh-rsa
46        User root
47        ForwardX11 no
48        ForwardAgent no
49
50      Host nf-test???
51        User root
52        Hostname %h.nf.cl.cam.ac.uk
53        IdentityFile ~/.ssh/id_ed25519_L50
54        ProxyJump rtg24@slogin-serv.cl.cam.ac.uk
55        ForwardAgent yes
56    '';
57  };
58}