feat: ssh

2025-05-28 18:35:36 -07:00 · 2025-05-28 18:35:36 -07:00 · 80db008bb7
commit 80db008bb7
parent 16f2e7fd18
11 changed files with 51 additions and 10 deletions
--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@ -6,6 +6,7 @@
    ./stylix

    ./programs
+    ./services

    ./profiles.nix
    ./home.nix
--- a/modules/base/profiles.nix
+++ b/modules/base/profiles.nix
@ -20,6 +20,10 @@ in {
        nix-output-monitor = enabled;
        ripgrep = enabled;
      };
+
+      services = {
+        openssh = enabled; # required for agenix
+      };
    }
    #
    #
--- a/modules/base/services/default.nix
+++ b/modules/base/services/default.nix
@ -0,0 +1,5 @@
+{
+  imports = [
+    ./openssh.nix
+  ];
+}
--- a/modules/base/services/openssh.nix
+++ b/modules/base/services/openssh.nix
@ -0,0 +1,19 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.marleyos.services.openssh;
+in {
+  options.marleyos.services.openssh.enable = lib.mkEnableOption "openssh";
+
+  config = lib.mkIf cfg.enable {
+    services.openssh = {
+      enable = true;
+
+      settings = {
+        PermitRootLogin = "prohibit-password";
+      };
+    };
+  };
+}
--- a/modules/darwin/services/default.nix
+++ b/modules/darwin/services/default.nix
@ -0,0 +1,5 @@
+{
+  imports = [
+    ./openssh.nix
+  ];
+}
--- a/modules/darwin/services/openssh.nix
+++ b/modules/darwin/services/openssh.nix
@ -0,0 +1,13 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.marleyos.services.openssh;
+in {
+  config = lib.mkIf cfg.enable {
+    services.openssh.extraConfig = ''
+      PermitRootLogin prohibit-password
+    '';
+  };
+}
--- a/modules/home/profiles.nix
+++ b/modules/home/profiles.nix
@ -28,6 +28,7 @@ in {
        man = enabled;
        nh = enabled;
        ripgrep = enabled;
+        ssh = enabled;
      };
    }
    #
--- a/modules/home/programs/default.nix
+++ b/modules/home/programs/default.nix
@ -25,6 +25,7 @@
    ./neovim.nix
    ./nh.nix
    ./ripgrep.nix
+    ./ssh.nix
    ./waybar.nix

    # TODO: uncomment when swaylock is figured out
--- a/snowflake/modules/home/programs/cli/ssh/default.nix
+++ b/snowflake/modules/home/programs/cli/ssh/default.nix
--- a/modules/nixos/profiles.nix
+++ b/modules/nixos/profiles.nix
@ -12,13 +12,11 @@ in {
    # Universal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    {
      programs = {
-        fish = enabled;
        nh = enabled;
      };

      services = {
        docker = enabled;
-        openssh = enabled; # needed for agenix
      };
    }
    #
--- a/modules/nixos/services/openssh.nix
+++ b/modules/nixos/services/openssh.nix
@ -5,15 +5,9 @@
 }: let
  cfg = config.marleyos.services.openssh;
 in {
-  options.marleyos.services.openssh.enable = lib.mkEnableOption "openssh";
-
  config = lib.mkIf cfg.enable {
-    services.openssh = {
-      enable = true;
-
-      settings = {
-        PermitRootLogin = "prohibit-password";
-      };
+    services.openssh.settings = {
+      PermitRootLogin = "prohibit-password";
    };
  };
 }