clan-core/clanModules/sshd/default.nix

{ config, pkgs, ... }:
{
  services.openssh.enable = true;
  services.openssh.settings.PasswordAuthentication = false;

  services.openssh.hostKeys = [
    {
      path = config.clan.core.facts.services.openssh.secret."ssh.id_ed25519".path;
      type = "ed25519";
    }
  ];

  clan.core.facts.services.openssh = {
    secret."ssh.id_ed25519" = { };
    public."ssh.id_ed25519.pub" = { };
    generator.path = [
      pkgs.coreutils
      pkgs.openssh
    ];
    generator.script = ''
      ssh-keygen -t ed25519 -N "" -f $secrets/ssh.id_ed25519
      mv $secrets/ssh.id_ed25519.pub $facts/ssh.id_ed25519.pub
    '';
  };
}
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`{ config, pkgs, ... }:`
			`{`
add sshd module 2024-03-13 07:38:20 +00:00			`services.openssh.enable = true;`
clanModule.sshd: Deactivate password auth. Change flake template to every machine having its own disko.nix file. 2024-05-20 17:11:12 +00:00			`services.openssh.settings.PasswordAuthentication = false;`
add sshd module 2024-03-13 07:38:20 +00:00
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`services.openssh.hostKeys = [`
			`{`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`path = config.clan.core.facts.services.openssh.secret."ssh.id_ed25519".path;`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`type = "ed25519";`
			`}`
			`];`
add sshd module 2024-03-13 07:38:20 +00:00
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`clan.core.facts.services.openssh = {`
migrate secrets to new api 2024-03-28 09:30:37 +00:00			`secret."ssh.id_ed25519" = { };`
			`public."ssh.id_ed25519.pub" = { };`
re-format with nixfmt 2024-03-17 18:48:49 +00:00			`generator.path = [`
			`pkgs.coreutils`
			`pkgs.openssh`
			`];`
add sshd module 2024-03-13 07:38:20 +00:00			`generator.script = ''`
			`ssh-keygen -t ed25519 -N "" -f $secrets/ssh.id_ed25519`
			`mv $secrets/ssh.id_ed25519.pub $facts/ssh.id_ed25519.pub`
			`'';`
			`};`
			`}`