add ssh config and authorized keys

hosts/tami-mac/configuration.nix

@@ -19,8 +19,6 @@
 
   system.stateVersion = "23.05";
 
-  services.openssh.enable = true;
-
   programs.vim.defaultEditor = true;
 
   users = {
@@ -28,6 +26,11 @@
     users."tami" = {
       isNormalUser = true;
       hashedPassword = "$y$j9T$BUWA7o2/xFFY6g/B9somr1$rveo/ttShW7jd835kf2pE9vAfDIXj/Hii3B5c9GyCjA";
+      openssh.authorizedKeys.keys = [
+        # Kranzes/Ilan
+        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIBF2qWuvMCuJMlc6+ehyU0V/asmfAlT5/GLhUQqbpQ/bAAAABHNzaDo="
+        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEVpaQ0K0Fzz0Hu48pqKiI25lr9ASwXR1yzYbeErBX/2AAAABHNzaDo="
+      ];
       extraGroups = [ "wheel" "networkmanager" ];
       uid = 1000;
       packages = with pkgs; [

hosts/tami-mac/default.nix

@@ -7,6 +7,7 @@ inputs.nixpkgs.lib.nixosSystem {
     ./configuration.nix
     ./hardware-configuration.nix
     "${inputs.self}/profiles/nix-nixpkgs.nix"
+    "${inputs.self}/profiles/ssh.nix"
     {
       _module.args.nixinate = {
         host = "tami-mac";

profiles/ssh.nix

@@ -0,0 +1,10 @@
+{
+  services.openssh = {
+    enable = true;
+    settings = {
+      passwordAuthentication = false;
+      kbdInteractiveAuthentication = false;
+      permitRootLogin = "no";
+    };
+  };
+}