infra/libkookie/configuration/server/openssh/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

{ config, lib, pkgs, ... } @ args:

let spacekookie = (import <configuration/users/spacekookie> args);
in
{
  services.openssh = {
    enable = true;
    permitRootLogin = "prohibit-password";
    passwordAuthentication = false;

    # Required for root
    extraConfig = ''
      Match Address 127.0.0.1
        PermitRootLogin yes
    '';
  };

  users.users.root.openssh.authorizedKeys.keys = spacekookie.pubkeys;
  
  # Also enable mosh because /shrug
  programs.mosh.enable = true;
}