commit 700d8f26deb9c2c8e53b468371e61373c2136e86
author Samuel Shuert <coded@clicks.codes> Wed Feb 21 20:08:43 2024 +0000
committer Skyler Grey <minion@clicks.codes> Wed Feb 21 23:25:55 2024 +0000
tree 1db9168516b17c05f565c13743f790afedf0bfc6
parent b3c6ca7738c864e96683c1f7b6ee9369298ae4b3

Enable openssh server

It's useful to be able to ssh, so we want to open the ssh server. To
remain secure, we'll need to disable password login and only use keys
(as the password we have currently, "nixos", isn't the best and is also
completely public!)

Change-Id: I09d1a578701edb25496383fbd149fd093be3fb1d
Reviewed-on: https://git.clicks.codes/c/Chimera/NixFiles/+/413
Tested-by: Skyler Grey <minion@clicks.codes>
Reviewed-by: Skyler Grey <minion@clicks.codes>

modules/nixos/ssh/default.nix

diff --git a/modules/nixos/ssh/default.nix b/modules/nixos/ssh/default.nix
new file mode 100644
index 0000000..c3df0bf
--- /dev/null
+++ b/modules/nixos/ssh/default.nix
@@ -0,0 +1,6 @@
+{ ... }: {
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+  };
+}
\ No newline at end of file

modules/nixos/users/default.nix

diff --git a/modules/nixos/users/default.nix b/modules/nixos/users/default.nix
index f7d97f5..a4a9548 100644
--- a/modules/nixos/users/default.nix
+++ b/modules/nixos/users/default.nix
@@ -6,6 +6,11 @@
       "wheel"
       "input"
     ];
+    openssh.authorizedKeys.keys = [
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIteIdlZv52nUDxW2SUsoJ2NZi/w9j1NZwuHanQ/o/DuAAAAHnNzaDpjb2xsYWJvcmFfeXViaWtleV9yZXNpZGVudA== collabora_yubikey_resident"
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJRzQbQjXFpHKtt8lpNKmoNx57+EJ/z3wnKOn3/LjM6cAAAAFXNzaDppeXViaWtleV9yZXNpZGVudA== iyubikey_resident"
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOhzJ0p9bFRSURUjV05rrt5jCbxPXke7juNbEC9ZJXS/AAAAGXNzaDp0aW55X3l1YmlrZXlfcmVzaWRlbnQ= tiny_yubikey_resident"
+    ];
     initialPassword = "nixos";
   };
 
@@ -14,6 +19,11 @@
     extraGroups = [
       "wheel"
     ];
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCZGErwcw5YUlJS9tAfIYOSqkiuDRZZRTJjMlrDaAiNwTjqUML/Lrcau/1KA6a0+sXCM8DhQ1e0qhh2Qxmh/kxZWO6XMVK2EB7ELPNojqFI16T8Bbhq2t7yVAqbPUhXLQ4xKGvWMCPWOCo/dY72P9yu7kkMV0kTW3nq25+8nvqIvvuQOlOUx1uyR7qEfO706O86wjVTIuwfZKyzMDIC909vyg0xS+SfFlD7MkBuGzevQnOAV3U6tyafg6XW4PaJuDLyGXwpKz6asY08F7gRL/7/GhlMB09nfFfT4sZggmqPdGAtxwsFuwHPjNSlktHz5nlHtpS0LjefR9mWiGIhw5Hw1z33lxP0rfmiEU9J7kFcXv9B8QAWFwWfNEZfeqB7h7DJruo+QRStGeDz4SwRG3GR+DB4iNJLt7n0ALkVFJpOpskeo8TV4+Fwok+hYs2GsvdEmh9Cj7dC/9CyRhJeam9iLIi/iVGZhXEE3tIiqEktZPjiK7JwQyr97zhGJ7Rj4oE= samue@SamuelDesktop"
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH+TJRuMpDPgh6Wp2h+E+O/WoyEAVyWo6SN8oxm2JZNVAAAABHNzaDo= samue@SamuelDesktop"
+      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAILrwKN4dJQ0BiLmjsA/66QHhu06+JyokWtHkLcjhWU79AAAABHNzaDo= coded-sk-resident-1"
+    ];
     initialPassword = "nixos";
   };