From b7f641a476f9fcca73b34857e1db3f03c0f95740 Mon Sep 17 00:00:00 2001 From: Frederik Jacobsen Date: Wed, 12 Feb 2025 20:02:50 +0100 Subject: [PATCH] moved ssh into its own file --- configuration.nix | 18 +----------------- ssh-configuration.nix | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 17 deletions(-) create mode 100644 ssh-configuration.nix diff --git a/configuration.nix b/configuration.nix index 497516b..07b0450 100644 --- a/configuration.nix +++ b/configuration.nix @@ -8,6 +8,7 @@ imports = [ # Include the results of the hardware scan. /etc/nixos/hardware-configuration.nix + ./ssh-configuration.nix ]; # Bootloader. @@ -83,23 +84,6 @@ # List services that you want to enable: - # Enable the OpenSSH daemon. - services.openssh = { - enable = true; - ports = [ 22 ]; - settings = { - PasswordAuthentication = true; - AllowUsers = null; # Allows all users by default. Can be [ "user1" "user2" ] - UseDns = true; - X11Forwarding = false; - PermitRootLogin = "prohibit-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no" - }; - }; - - users.users."frederik".openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDESaa260m4XAX6OJWkaH/MHVAy2eD8BO3QH740wn2CLQXuvAvZjpAVEZbfizPoHXZrEqEKPIALoOXNzUNm1H07+fh7PEOqGGS0x9b/8o1+MuiWYJQ4HlBfgWO80lI0WO40s1qEjminKgfQB8BmfwzrMq16ChCd0Pyt8O0a04K7ItZQBGHocgbEyKTyABUM+2Brz6zo9WJjkmQWbrUAjaCBaqLIJQgiT3GbdU4MPmIRyIDXQuiO0epbF2vyowqDGHar8C1pSSgyRCjnCl8VhCdRY+NjE5+s1WhQ0VFpp4jiUHDTfbIJx+ejXdAGHhEaxZOKqkkQWoEe/DJGTjOKkExkpwphdTMO5Ar/Gi6SQpeCuKQmjCzaVvcHPQRdnCA7txllF96fUPrKMeYI1ImT9npc2BlSZjjUprDGjAS0E5KRPOE2nJLCcRKwrShnCnN54jPW4L5xBPrWJkGkaD2Ks1LhD0RmX3Js5ytF3LLBq52Z/w2LvBEM8tGXglL21vpgyiVXcTKOe7Ywhp2XQ4O5Hukj0edKJLfU/0X4N6iSM8Ho8tnQtRB7oaw7pu1Rpoz63j1dU5knp9GYqCs37bAFBVkLymVn6NJi7NHTWY5IMXmxnov4JaoGQuYrV3Cpgiif7fTU9AlC0yxnJa5tHwJ5UEx4ltcEsIVnl678PLQtAWWmnQ== frederik1904@gmail.com" # content of authorized_keys file - ]; - # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; diff --git a/ssh-configuration.nix b/ssh-configuration.nix new file mode 100644 index 0000000..01600ff --- /dev/null +++ b/ssh-configuration.nix @@ -0,0 +1,16 @@ + # Enable the OpenSSH daemon. + services.openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = true; + AllowUsers = null; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + PermitRootLogin = "prohibit-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no" + }; + }; + + users.users."frederik".openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDESaa260m4XAX6OJWkaH/MHVAy2eD8BO3QH740wn2CLQXuvAvZjpAVEZbfizPoHXZrEqEKPIALoOXNzUNm1H07+fh7PEOqGGS0x9b/8o1+MuiWYJQ4HlBfgWO80lI0WO40s1qEjminKgfQB8BmfwzrMq16ChCd0Pyt8O0a04K7ItZQBGHocgbEyKTyABUM+2Brz6zo9WJjkmQWbrUAjaCBaqLIJQgiT3GbdU4MPmIRyIDXQuiO0epbF2vyowqDGHar8C1pSSgyRCjnCl8VhCdRY+NjE5+s1WhQ0VFpp4jiUHDTfbIJx+ejXdAGHhEaxZOKqkkQWoEe/DJGTjOKkExkpwphdTMO5Ar/Gi6SQpeCuKQmjCzaVvcHPQRdnCA7txllF96fUPrKMeYI1ImT9npc2BlSZjjUprDGjAS0E5KRPOE2nJLCcRKwrShnCnN54jPW4L5xBPrWJkGkaD2Ks1LhD0RmX3Js5ytF3LLBq52Z/w2LvBEM8tGXglL21vpgyiVXcTKOe7Ywhp2XQ4O5Hukj0edKJLfU/0X4N6iSM8Ho8tnQtRB7oaw7pu1Rpoz63j1dU5knp9GYqCs37bAFBVkLymVn6NJi7NHTWY5IMXmxnov4JaoGQuYrV3Cpgiif7fTU9AlC0yxnJa5tHwJ5UEx4ltcEsIVnl678PLQtAWWmnQ== frederik1904@gmail.com" # content of authorized_keys file + ];