stuff

1 files changed, 34 insertions, 0 deletions

diff --git a/profiles/ssh.nix b/profiles/ssh.nix
new file mode 100644
index 0000000..e0a623a
--- /dev/null
+++ b/profiles/ssh.nix
@@ -0,0 +1,34 @@
+{ pkgs, lib, config, inputs, ... }:
+
+{
+  config = {
+    services.openssh = {
+      enable = true;
+      openFirewall = false;
+      passwordAuthentication = false;
+      kbdInteractiveAuthentication = false;
+      allowSFTP = false;
+      permitRootLogin = "no";
+      startWhenNeeded = true;
+      extraConfig = ''
+        AllowTcpForwarding yes
+        X11Forwarding no
+        AllowAgentForwarding no
+        AllowStreamLocalForwarding no
+        AuthenticationMethods publickey
+        StreamLocalBindUnlink yes
+
+        AllowUsers tzlil
+      '';
+    };
+    environment.persistence."/nix/persist" = {
+      hideMounts = true;
+      files = [
+        "/etc/ssh/ssh_host_ed25519_key"
+        "/etc/ssh/ssh_host_ed25519_key.pub"
+        "/etc/ssh/ssh_host_rsa_key"
+        "/etc/ssh/ssh_host_rsa_key.pub"
+      ];
+    };
+  };
+}
\ No newline at end of file