Raphaël Numbus
21 lines
478 B
Nix
21 lines
478 B
Nix
{ config, ... }:
|
|
|
|
{
|
|
config.services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
KbdInteractiveAuthentication = false;
|
|
PermitRootLogin = "no";
|
|
};
|
|
AllowUsers = [ "numbus-admin" ];
|
|
ports = [ 245 ]
|
|
};
|
|
|
|
config.sops.secrets."authorizedSshPublicKeys" = {
|
|
sopsFile = /etc/nixos/secrets/system/ssh.yaml;
|
|
mode = "0440";
|
|
owner = "numbus-admin";
|
|
path = "/home/numbus-admin/.ssh/authorized_keys";
|
|
};
|
|
} |