23 lines
730 B
Nix
23 lines
730 B
Nix
{ host, secrets, ... }:
|
|
|
|
{
|
|
environment.etc."ssh/ssh_host_ed25519_key.pub".text = if (host == "NxNORTH") then
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1r5gUQPPS/dGB0SsvWtP6WdNWoxMwhhHRrqlO19cJt root@NxNORTH"
|
|
else if ( host == "NxXPS" ) then
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPf+08+t8a0lY2+nR1mhIU3vuksStiJOlojJjzCwFk7r root@NxXPS"
|
|
else
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFfZpWVPlujsz3FklSVAM+tuYn4pzDSijhp5CeYNOZk root@NxACE";
|
|
sops.secrets."ssh/${host}-ssh_host_ed25519_key" = {
|
|
mode = "0600";
|
|
path = "/etc/ssh/ssh_host_ed25519_key.shadow";
|
|
};
|
|
services.openssh = {
|
|
enable = true;
|
|
ports = [ secrets.ssh.port ];
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
};
|
|
};
|
|
}
|
|
|