diff --git a/modules/base/default.nix b/modules/base/default.nix
index a029b92..f37096b 100644
--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@@ -6,6 +6,7 @@ ./stylix ./programs + ./services ./profiles.nix ./home.nix
diff --git a/modules/base/profiles.nix b/modules/base/profiles.nix
index 058a541..f002985 100644
--- a/modules/base/profiles.nix
+++ b/modules/base/profiles.nix
@@ -20,6 +20,10 @@ in { nix-output-monitor = enabled; ripgrep = enabled; }; + + services = { + openssh = enabled; # required for agenix + }; } # #
diff --git a/modules/base/services/default.nix b/modules/base/services/default.nix
new file mode 100644
index 0000000..4619942
--- /dev/null
+++ b/modules/base/services/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./openssh.nix
+ ];
+}
diff --git a/modules/base/services/openssh.nix b/modules/base/services/openssh.nix
new file mode 100644
index 0000000..f7495ba
--- /dev/null
+++ b/modules/base/services/openssh.nix
@@ -0,0 +1,19 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ cfg = config.marleyos.services.openssh;
+in {
+ options.marleyos.services.openssh.enable = lib.mkEnableOption "openssh";
+
+ config = lib.mkIf cfg.enable {
+ services.openssh = {
+ enable = true;
+
+ settings = {
+ PermitRootLogin = "prohibit-password";
+ };
+ };
+ };
+}
diff --git a/modules/darwin/services/default.nix b/modules/darwin/services/default.nix
new file mode 100644
index 0000000..4619942
--- /dev/null
+++ b/modules/darwin/services/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./openssh.nix
+ ];
+}
diff --git a/modules/darwin/services/openssh.nix b/modules/darwin/services/openssh.nix
new file mode 100644
index 0000000..578afb0
--- /dev/null
+++ b/modules/darwin/services/openssh.nix
@@ -0,0 +1,13 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ cfg = config.marleyos.services.openssh;
+in {
+ config = lib.mkIf cfg.enable {
+ services.openssh.extraConfig = ''
+ PermitRootLogin prohibit-password
+ '';
+ };
+}
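Review bot: The `# required for agenix` comment on `openssh = enabled;` understates what the line does now that it sits in the base profile: every host importing base runs a listening sshd, while agenix itself only needs the sshd host key as a decryption identity. On NixOS `services.openssh.openFirewall` defaults to true, so port 22 is opened as well. I would extend the comment, e.g. `# agenix decrypts with the sshd host key; this also starts a listening sshd on every host`, and set `services.openssh.openFirewall = false;` in the NixOS module for machines that never need remote login. The enclosing profile block starts outside the hunk.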
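Review bot: Password logins for non-root accounts are still left at the sshd default in the `settings` block of modules/base/services/openssh.nix; `PermitRootLogin = "prohibit-password"` restricts root only. Because the base profile now turns this service on for every host, I would add `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` next to it so that only key authentication is accepted. The same gap exists in the `extraConfig` text of modules/darwin/services/openssh.nix, which would need the matching `PasswordAuthentication no` and `KbdInteractiveAuthentication no` lines. A one-line comment above `PermitRootLogin` saying why root login by key is kept at all would also help the next reader.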
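Review bot: Nothing in modules/darwin/services/openssh.nix confirms that the `PermitRootLogin prohibit-password` line in `extraConfig` actually takes effect: sshd keeps the first value it reads for a keyword, so an earlier setting in the macOS sshd configuration would silently win. I would check the effective value once with `sshd -T` on a darwin host and note the result in a comment above `extraConfig`. The module also reads `config.marleyos.services.openssh` without declaring it, which appears to rely on modules/base/services/openssh.nix always being imported; a short comment such as `# option declared in modules/base/services/openssh.nix` would make that dependency explicit.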
diff --git a/modules/home/profiles.nix b/modules/home/profiles.nix
index b43dcfc..25126bb 100644
--- a/modules/home/profiles.nix
+++ b/modules/home/profiles.nix
@@ -28,6 +28,7 @@ in { man = enabled; nh = enabled; ripgrep = enabled; + ssh = enabled; }; } #
diff --git a/modules/home/programs/default.nix b/modules/home/programs/default.nix
index 39f87e3..edaa783 100644
--- a/modules/home/programs/default.nix
+++ b/modules/home/programs/default.nix
@@ -25,6 +25,7 @@ ./neovim.nix ./nh.nix ./ripgrep.nix + ./ssh.nix ./waybar.nix # TODO: uncomment when swaylock is figured out
diff --git a/snowflake/modules/home/programs/cli/ssh/default.nix b/modules/home/programs/ssh.nix
similarity index 100%
rename from snowflake/modules/home/programs/cli/ssh/default.nix
rename to modules/home/programs/ssh.nix
diff --git a/modules/nixos/profiles.nix b/modules/nixos/profiles.nix
index 44ca8b1..20a055e 100644
--- a/modules/nixos/profiles.nix
+++ b/modules/nixos/profiles.nix
@@ -12,13 +12,11 @@ in { # Universal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - { programs = { - fish = enabled; nh = enabled; }; services = { docker = enabled; - openssh = enabled; # needed for agenix }; } #
diff --git a/modules/nixos/services/openssh.nix b/modules/nixos/services/openssh.nix
index f7495ba..26d2ac4 100644
--- a/modules/nixos/services/openssh.nix
+++ b/modules/nixos/services/openssh.nix
@@ -5,15 +5,9 @@ }: let cfg = config.marleyos.services.openssh; in { - options.marleyos.services.openssh.enable = lib.mkEnableOption "openssh"; - config = lib.mkIf cfg.enable { - services.openssh = { - enable = true; - - settings = { - PermitRootLogin = "prohibit-password"; - }; + services.openssh.settings = { + PermitRootLogin = "prohibit-password"; }; }; }
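Review bot: `PermitRootLogin = "prohibit-password"` is now set twice for NixOS hosts, in `services.openssh.settings` here and in the new modules/base/services/openssh.nix, which kept its own `settings` block. Base appears to be shared with darwin, where the darwin module sets the same directive through `extraConfig`, so the `settings` attribute in base looks unintended; I have not confirmed whether nix-darwin defines `services.openssh.settings`, and if it does not, evaluation would fail there. I would reduce the base module's config to `services.openssh.enable = true;` and keep the platform-specific setting only in this file and the darwin one. The module's argument header starts outside the hunk.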