better mirror upstream nixpkgs layout

author: Ethel Morgan <eth@ethulhu.co.uk> 2020-05-29 21:45:44 +0100
committer: Ethel Morgan <eth@ethulhu.co.uk> 2020-05-29 21:45:44 +0100
commit: 433a9ffcbddda74b0449eba251246a60221ae7cd (patch)
tree: 94792eabcb1e30b1f452ea18fd9c70e267aa4180 /nixos/modules/services/ssh.nix
parent: 1d6f6c4c6f4823d1b969c6309ad2d472441b7b16 (diff)
1 files changed, 29 insertions, 0 deletions
diff --git a/nixos/modules/services/ssh.nix b/nixos/modules/services/ssh.nix
new file mode 100644
index 0000000..d965472
--- /dev/null
+++ b/nixos/modules/services/ssh.nix
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+  cfg = config.eth.services.ssh;
+
+in {
+  options.eth.services.ssh = {
+    enable = mkEnableOption "Whether to enable SSHd with Eth's defaults.";
+
+    passwordAuthentication = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Whether to allow password authentication. Occasionally useful, used sparingly.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    security.pam.enableSSHAgentAuth = true;
+    security.pam.services.sudo.sshAgentAuth = true;
+
+    services.openssh = {
+      enable = true;
+      permitRootLogin = "no";
+      passwordAuthentication = cfg.passwordAuthentication;
+    };
+  };
+}
author	Ethel Morgan <eth@ethulhu.co.uk>	2020-05-29 21:45:44 +0100
committer	Ethel Morgan <eth@ethulhu.co.uk>	2020-05-29 21:45:44 +0100
commit	433a9ffcbddda74b0449eba251246a60221ae7cd (patch)
tree	94792eabcb1e30b1f452ea18fd9c70e267aa4180 /nixos/modules/services/ssh.nix
parent	1d6f6c4c6f4823d1b969c6309ad2d472441b7b16 (diff)