From ce1fa163fd9365cff57a0925f736eeb24292e374 Mon Sep 17 00:00:00 2001 From: Oliver Davies Date: Fri, 25 Jul 2025 10:33:49 +0100 Subject: [PATCH] Move openssh configuration --- hosts/lemp11/services.nix | 1 - hosts/nixedo/configuration.nix | 1 - hosts/t480/configuration.nix | 1 - hosts/t490/services/default.nix | 1 - modules/nixos/default.nix | 1 - modules/nixos/openssh.nix | 23 ----------------------- modules2/openssh/enable.nix | 3 +++ modules2/openssh/firewall.nix | 5 +++++ modules2/openssh/settings.nix | 8 ++++++++ 9 files changed, 16 insertions(+), 28 deletions(-) delete mode 100644 modules/nixos/openssh.nix create mode 100644 modules2/openssh/enable.nix create mode 100644 modules2/openssh/firewall.nix create mode 100644 modules2/openssh/settings.nix diff --git a/hosts/lemp11/services.nix b/hosts/lemp11/services.nix index a096651f..e1e45889 100644 --- a/hosts/lemp11/services.nix +++ b/hosts/lemp11/services.nix @@ -2,7 +2,6 @@ services = { auto-cpufreq.enable = true; gvfs.enable = true; - openssh.enable = true; power-profiles-daemon.enable = false; thermald.enable = true; diff --git a/hosts/nixedo/configuration.nix b/hosts/nixedo/configuration.nix index 1eafd624..92626f62 100644 --- a/hosts/nixedo/configuration.nix +++ b/hosts/nixedo/configuration.nix @@ -20,7 +20,6 @@ ]; features = { - core.openssh.enable = true; cli.podman.enable = true; desktop.dconf.enable = true; }; diff --git a/hosts/t480/configuration.nix b/hosts/t480/configuration.nix index 301b8e67..7a4ec730 100644 --- a/hosts/t480/configuration.nix +++ b/hosts/t480/configuration.nix @@ -27,7 +27,6 @@ }; core = { - openssh.enable = true; pipewire.enable = true; zram.enable = true; }; diff --git a/hosts/t490/services/default.nix b/hosts/t490/services/default.nix index ce7ea823..ffde7b0c 100644 --- a/hosts/t490/services/default.nix +++ b/hosts/t490/services/default.nix @@ -19,7 +19,6 @@ blueman.enable = true; gvfs.enable = true; - openssh.enable = true; power-profiles-daemon.enable = false; printing.enable = true; pulseaudio.enable = false; diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index c100a5ff..4dbd9578 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -9,7 +9,6 @@ ./media ./nix-index.nix ./nixpad - ./openssh.nix ./pipewire.nix ./podman.nix ./st.nix diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix deleted file mode 100644 index 3d09487e..00000000 --- a/modules/nixos/openssh.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, lib, ... }: - -with lib; - -let - cfg = config.features.core.openssh; -in -{ - options.features.core.openssh.enable = mkEnableOption "Enable openssh"; - - config = mkIf cfg.enable { - services.openssh = { - enable = true; - - openFirewall = lib.mkForce true; - - settings = { - PasswordAuthentication = false; - PermitRootLogin = lib.mkForce "no"; - }; - }; - }; -} diff --git a/modules2/openssh/enable.nix b/modules2/openssh/enable.nix new file mode 100644 index 00000000..278ab317 --- /dev/null +++ b/modules2/openssh/enable.nix @@ -0,0 +1,3 @@ +{ + flake.modules.nixos.pc.services.openssh.enable = true; +} diff --git a/modules2/openssh/firewall.nix b/modules2/openssh/firewall.nix new file mode 100644 index 00000000..c8b4e8b5 --- /dev/null +++ b/modules2/openssh/firewall.nix @@ -0,0 +1,5 @@ +{ lib, ... }: + +{ + flake.modules.nixos.pc.services.openssh.openFirewall = lib.mkForce true; +} diff --git a/modules2/openssh/settings.nix b/modules2/openssh/settings.nix new file mode 100644 index 00000000..d1a976f7 --- /dev/null +++ b/modules2/openssh/settings.nix @@ -0,0 +1,8 @@ +{ lib, ... }: + +{ + flake.modules.nixos.pc.services.openssh.settings = { + PasswordAuthentication = false; + PermitRootLogin = lib.mkForce "no"; + }; +}