From 7ddc09d5da38a7c8dff87bddecf9a2ffc241b82c Mon Sep 17 00:00:00 2001
From: Ilan Joselevich
Date: Mon, 15 May 2023 23:44:20 +0300
Subject: [PATCH] add ssh config and authorized keys
---
 hosts/tami-mac/configuration.nix | 7 +++++--
 hosts/tami-mac/default.nix | 1 +
 profiles/ssh.nix | 10 ++++++++++
 3 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100644 profiles/ssh.nix
diff --git a/hosts/tami-mac/configuration.nix b/hosts/tami-mac/configuration.nix
index 3634526..cde61bd 100644
--- a/hosts/tami-mac/configuration.nix
+++ b/hosts/tami-mac/configuration.nix
@@ -19,8 +19,6 @@
 system.stateVersion = "23.05";
- services.openssh.enable = true;
-
 programs.vim.defaultEditor = true;
 users = {
@@ -28,6 +26,11 @@
 users."tami" = {
 isNormalUser = true;
 hashedPassword = "$y$j9T$BUWA7o2/xFFY6g/B9somr1$rveo/ttShW7jd835kf2pE9vAfDIXj/Hii3B5c9GyCjA";
+ openssh.authorizedKeys.keys = [
+ # Kranzes/Ilan
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIBF2qWuvMCuJMlc6+ehyU0V/asmfAlT5/GLhUQqbpQ/bAAAABHNzaDo="
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEVpaQ0K0Fzz0Hu48pqKiI25lr9ASwXR1yzYbeErBX/2AAAABHNzaDo="
+ ];
 extraGroups = [ "wheel" "networkmanager" ];
 uid = 1000;
 packages = with pkgs; [
diff --git a/hosts/tami-mac/default.nix b/hosts/tami-mac/default.nix
index 07c0dba..913c861 100644
--- a/hosts/tami-mac/default.nix
+++ b/hosts/tami-mac/default.nix
@@ -7,6 +7,7 @@ inputs.nixpkgs.lib.nixosSystem {
 ./configuration.nix
 ./hardware-configuration.nix
 "${inputs.self}/profiles/nix-nixpkgs.nix"
+ "${inputs.self}/profiles/ssh.nix"
 {
 _module.args.nixinate = {
 host = "tami-mac";
diff --git a/profiles/ssh.nix b/profiles/ssh.nix
new file mode 100644
index 0000000..bf13fb0
--- /dev/null
+++ b/profiles/ssh.nix
@@ -0,0 +1,10 @@
+{
+ services.openssh = {
+ enable = true;
+ settings = {
+ passwordAuthentication = false;
+ kbdInteractiveAuthentication = false;
+ permitRootLogin = "no";
+ };
+ };
+}
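Review bot: The two `sk-ssh-ed25519@openssh.com` entries added to `openssh.authorizedKeys.keys` in the second configuration.nix hunk share a single `# Kranzes/Ilan` comment, so nothing records which authenticator each key lives on, or that keys apparently belonging to someone other than `tami` are accepted for an account in `wheel`. I would give each key its own comment, e.g. `# Kranzes/Ilan, token 1 of 2: <which device>`, plus one line stating that this is intentional maintenance access, so a single key can be revoked when its token is lost or retired. Because these are FIDO-backed keys, each entry could also be prefixed with the `verify-required` authorized_keys option if the tokens have a PIN set, so that sshd requires user verification and not only a touch. The `users."tami"` attribute set opens in this hunk and closes outside it.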
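Review bot: The three keys under `settings` in the new profiles/ssh.nix are written in camelCase (`passwordAuthentication`, `kbdInteractiveAuthentication`, `permitRootLogin`), while current NixOS spells these options like the sshd_config keywords: `PasswordAuthentication`, `KbdInteractiveAuthentication`, `PermitRootLogin`. Which spelling the module honours depends on the nixpkgs revision the flake pins, which is not visible here, so confirm on the built host with `sshd -T` that password and keyboard-interactive logins are really off and root login is refused. That check matters on this host because configuration.nix carries a `hashedPassword` for a `wheel` user. A one-line header comment such as `# Key-only SSH: no passwords, no keyboard-interactive, no root login` would also state the profile's intent for the next host that imports it.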