move openssh config to module

ulic-youthlic 2025-01-13 17:06:15 +08:00
parent 49683e7f7a
commit 8179762975
Signed by: youthlic
GPG key ID: 63E86C3C14A0D721
5 changed files with 54 additions and 45 deletions


@ -8,7 +8,6 @@
./i18n.nix ./i18n.nix
./gui.nix ./gui.nix
./users ./users
./openssh.nix
./kvm.nix ./kvm.nix
./nh.nix ./nh.nix
./steam.nix ./steam.nix
@ -26,6 +25,7 @@
}; };
programs = { programs = {
dae.enable = true; dae.enable = true;
openssh.enable = true;
}; };
}; };
@ -50,7 +50,6 @@
element-desktop element-desktop
discord-ptb discord-ptb
asusctl
vlc vlc
btop btop
handbrake handbrake
@ -61,12 +60,6 @@
environment.variables.EDITOR = "hx"; environment.variables.EDITOR = "hx";
nixpkgs = {
config = {
allowUnfree = true;
};
};
boot = { boot = {
kernelPackages = pkgs.linuxPackages_zen; kernelPackages = pkgs.linuxPackages_zen;
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;


@ -1,37 +0,0 @@
{ ... }:
{
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
X11Forwarding = true;
PermitRootLogin = "no";
LogLevel = "VERBOSE";
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
"hmac-sha2-512"
"hmac-sha2-256"
"umac-128@openssh.com"
];
Ciphers = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
"aes128-gcm@openssh.com"
"aes256-ctr"
"aes192-ctr"
"aes128-ctr"
];
KexAlgorithms = [
"curve25519-sha256@libssh.org"
"ecdh-sha2-nistp521"
"ecdh-sha2-nistp384"
"ecdh-sha2-nistp256"
"diffie-hellman-group-exchange-sha256"
];
};
ports = [ 3022 ];
};
}


@ -18,6 +18,7 @@
./home.nix ./home.nix
./sops.nix ./sops.nix
./dae ./dae
./openssh.nix
]; ];
config = { config = {


@ -7,6 +7,11 @@
}: }:
{ {
config = { config = {
nixpkgs = {
config = {
allowUnfree = true;
};
};
nix = { nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = { settings = {
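Review bot: `allowUnfree = true;` now sits unconditionally under `config`, so every host that imports this file accepts any unfree package, where the setting previously appears to have lived in a single host configuration. If only a handful of unfree packages are actually needed, `allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ /* explicit package names */ ];` keeps the exception narrow and reviewable. The enclosing `config` block starts and ends outside the hunk, and whether `lib` is in this file's argument set is not visible here.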

47
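--- /dev/null
+++ b/nixos/modules/openssh.nix
@@ -0,0 +1,47 @@
+{ config, lib, ... }:
+let
+cfg = config.youthlic.programs.openssh;
+in
+{
+options = {
+youthlic.programs.openssh = {
+enable = lib.mkEnableOption "openssh";
+};
+};
+config = lib.mkIf cfg.enable {
+services.openssh = {
+enable = true;
+settings = {
+PasswordAuthentication = false;
+KbdInteractiveAuthentication = false;
+X11Forwarding = true;
+PermitRootLogin = "no";
+LogLevel = "VERBOSE";
+Macs = [
+"hmac-sha2-512-etm@openssh.com"
+"hmac-sha2-256-etm@openssh.com"
+"umac-128-etm@openssh.com"
+"hmac-sha2-512"
+"hmac-sha2-256"
+"umac-128@openssh.com"
+];
+Ciphers = [
+"chacha20-poly1305@openssh.com"
+"aes256-gcm@openssh.com"
+"aes128-gcm@openssh.com"
+"aes256-ctr"
+"aes192-ctr"
+"aes128-ctr"
+];
+KexAlgorithms = [
+"curve25519-sha256@libssh.org"
+"ecdh-sha2-nistp521"
+"ecdh-sha2-nistp384"
+"ecdh-sha2-nistp256"
+"diffie-hellman-group-exchange-sha256"
+];
+};
+ports = [ 3022 ];
+};
+};
+}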
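Review bot: `X11Forwarding = true;` is the one setting in this otherwise locked-down `settings` block that loosens the daemon, and because the block is now a reusable module it applies to every host that sets `youthlic.programs.openssh.enable`; defaulting to `X11Forwarding = false;` and exposing a separate `lib.mkEnableOption` for hosts that need it would keep the hardened profile the default. The `Macs` list also still offers the non-EtM entries `hmac-sha2-512`, `hmac-sha2-256` and `umac-128@openssh.com`; if no legacy client depends on them, dropping them leaves only encrypt-then-MAC modes. `KexAlgorithms` is pinned by hand and names only `curve25519-sha256@libssh.org`, so newer exchanges such as `sntrup761x25519-sha512@openssh.com` are not offered until someone edits the list. A short comment stating why the lists are pinned, and when they were last reviewed, would help the next maintainer.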