modules/openssh.nix at main · yemou.pink/nix-configs

yemou.pink / nix-configs

Nix configurations for my homelab

nix-configs / modules / openssh.nix

at main 636 B view raw

 1{ config, lib, ... }:
 2{
 3  environment.persistence."/data/persistent".files = [
 4    "/etc/ssh/ssh_host_ed25519_key"
 5    "/etc/ssh/ssh_host_ed25519_key.pub"
 6    "/etc/ssh/ssh_host_rsa_key"
 7    "/etc/ssh/ssh_host_rsa_key.pub"
 8  ];
 9
10  networking.firewall.interfaces = {
11    ${config.services.netbird.clients.homelab.interface}.allowedTCPPorts = [ 2222 ];
12    enp0s31f6.allowedTCPPorts = lib.mkIf (config.networking.hostName == "lily") [ 2222 ];
13  };
14
15  services.openssh = {
16    enable = true;
17    ports = [ 2222 ];
18    openFirewall = false;
19    settings = {
20      PasswordAuthentication = false;
21      PermitRootLogin = "no";
22    };
23  };
24}