Enable openssh server
It's useful to be able to ssh, so we want to open the ssh server. To
remain secure, we'll need to disable password login and only use keys
(as the password we have currently, "nixos", isn't the best and is also
completely public!)
Change-Id: I09d1a578701edb25496383fbd149fd093be3fb1d
Reviewed-on: https://git.clicks.codes/c/Chimera/NixFiles/+/413
Tested-by: Skyler Grey <minion@clicks.codes>
Reviewed-by: Skyler Grey <minion@clicks.codes>
diff --git a/modules/nixos/ssh/default.nix b/modules/nixos/ssh/default.nix
new file mode 100644
index 0000000..c3df0bf
--- /dev/null
+++ b/modules/nixos/ssh/default.nix
@@ -0,0 +1,6 @@
+{ ... }: {
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ };
+}
\ No newline at end of file
diff --git a/modules/nixos/users/default.nix b/modules/nixos/users/default.nix
index f7d97f5..a4a9548 100644
--- a/modules/nixos/users/default.nix
+++ b/modules/nixos/users/default.nix
@@ -6,6 +6,11 @@
"wheel"
"input"
];
+ openssh.authorizedKeys.keys = [
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIteIdlZv52nUDxW2SUsoJ2NZi/w9j1NZwuHanQ/o/DuAAAAHnNzaDpjb2xsYWJvcmFfeXViaWtleV9yZXNpZGVudA== collabora_yubikey_resident"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJRzQbQjXFpHKtt8lpNKmoNx57+EJ/z3wnKOn3/LjM6cAAAAFXNzaDppeXViaWtleV9yZXNpZGVudA== iyubikey_resident"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOhzJ0p9bFRSURUjV05rrt5jCbxPXke7juNbEC9ZJXS/AAAAGXNzaDp0aW55X3l1YmlrZXlfcmVzaWRlbnQ= tiny_yubikey_resident"
+ ];
initialPassword = "nixos";
};
@@ -14,6 +19,11 @@
extraGroups = [
"wheel"
];
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCZGErwcw5YUlJS9tAfIYOSqkiuDRZZRTJjMlrDaAiNwTjqUML/Lrcau/1KA6a0+sXCM8DhQ1e0qhh2Qxmh/kxZWO6XMVK2EB7ELPNojqFI16T8Bbhq2t7yVAqbPUhXLQ4xKGvWMCPWOCo/dY72P9yu7kkMV0kTW3nq25+8nvqIvvuQOlOUx1uyR7qEfO706O86wjVTIuwfZKyzMDIC909vyg0xS+SfFlD7MkBuGzevQnOAV3U6tyafg6XW4PaJuDLyGXwpKz6asY08F7gRL/7/GhlMB09nfFfT4sZggmqPdGAtxwsFuwHPjNSlktHz5nlHtpS0LjefR9mWiGIhw5Hw1z33lxP0rfmiEU9J7kFcXv9B8QAWFwWfNEZfeqB7h7DJruo+QRStGeDz4SwRG3GR+DB4iNJLt7n0ALkVFJpOpskeo8TV4+Fwok+hYs2GsvdEmh9Cj7dC/9CyRhJeam9iLIi/iVGZhXEE3tIiqEktZPjiK7JwQyr97zhGJ7Rj4oE= samue@SamuelDesktop"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH+TJRuMpDPgh6Wp2h+E+O/WoyEAVyWo6SN8oxm2JZNVAAAABHNzaDo= samue@SamuelDesktop"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAILrwKN4dJQ0BiLmjsA/66QHhu06+JyokWtHkLcjhWU79AAAABHNzaDo= coded-sk-resident-1"
+ ];
initialPassword = "nixos";
};