# NixOS module: OpenSSH server settings and login banner, plus system-wide
# SSH client defaults.
{ config, ... }:
let
  # Distro metadata (distroName, codeName, label) interpolated into the banner.
  inherit (config.system) nixos;
in
{
  # ---- Server side (sshd) -------------------------------------------------
  services.openssh.enable = true;

  # Public-key logins only, never as root, and only Ed25519 keys: either a
  # plain key or a FIDO security-key-backed one (the "sk-" variant).
  # NOTE(review): keyboard-interactive authentication is not set in this
  # block, so it keeps the module default; confirm that matches the
  # key-only intent.
  services.openssh.settings = {
    PasswordAuthentication = false;
    PermitRootLogin = "no";
    PubkeyAcceptedAlgorithms = "sk-ssh-ed25519@openssh.com,ssh-ed25519";
  };

  # Text handed to connecting clients.
  # NOTE(review): sshd sends the banner before authentication, so the system
  # name and the NixOS name/codename/label below are readable by anyone who
  # can reach the port.
  # NOTE(review): the banner says connection details are recorded; no logging
  # option is set in this block, so that depends on sshd defaults or on
  # configuration elsewhere.
  services.openssh.banner = ''
    -----BEGIN BANNER-----
    # Welcome to ${config.system.name}
    # ${nixos.distroName} ${nixos.codeName} (${nixos.label})
    i Trans rights are human rights

    ! You are currently accessing an internal resource. Your connection
    ! information, including but not limited to your authenticating IP address,
    ! username and the user you're attempting to log into are recorded.
    ! Disconnect IMMEDIATELY if you are not part of the authorized personnel.

    i Contact:
    i [Matrix] @sophie:nue.soopy.moe
    i [Email] me@soopy.moe
    ------END BANNER------
  '';

  # ---- Client side (ssh) --------------------------------------------------
  programs.ssh.startAgent = true;

  # Same Ed25519-only policy as the server, applied to the key types the
  # client will use.
  programs.ssh.pubkeyAcceptedKeyTypes = [
    "ssh-ed25519"
    "sk-ssh-ed25519@openssh.com"
  ];

  # The askpass helper is intentionally left at its default:
  # programs.ssh.enableAskPassword = true;

  # Fail fast: a connection that needs more than 5 seconds to establish is
  # treated as broken instead of being waited on.
  programs.ssh.extraConfig = ''
    ConnectTimeout 5
  '';

  # Explicitly switch off the GNOME gcr ssh-agent; the author did not opt in
  # to it being enabled automatically.
  services.gnome.gcr-ssh-agent.enable = false;
}