sshd module, home-shared-modules

2025-01-18 10:30:14 +01:00 · 2023-09-24 14:56:07 +02:00 · 2023-09-24 14:56:07 +02:00 · 37f5f73a76
parent 821d057aca
commit 37f5f73a76
7 changed files with 66 additions and 71 deletions
--- a/modules/default.nix
+++ b/modules/default.nix
@ -5,6 +5,7 @@ modulesCfg: {lib, ...}: {
      ./nixpkgs.nix
      ./globalinstalls.nix
      ./server.nix
+      ./sshd.nix
    ]
    ++ (map (path: (import path modulesCfg)) [
      ./hardware
--- a/modules/desktop/default.nix
+++ b/modules/desktop/default.nix
@ -27,16 +27,6 @@ in {

      # Enable CUPS to print documents.
      printing.enable = true;
-
-      # Enable the OpenSSH daemon.
-      openssh = {
-        enable = true;
-        settings = {
-          PermitRootLogin = "no";
-          PasswordAuthentication = false;
-          KbdInteractiveAuthentication = false;
-        };
-      };
    };

    # Enable sound with pipewire.
--- a/modules/server.nix
+++ b/modules/server.nix
@ -11,26 +11,14 @@ in {
  };

  config = lib.mkIf cfg.enable {
-    services = {
-      # Enable the OpenSSH daemon.
-      openssh = {
-        enable = true;
-        settings = {
-          # PermitRootLogin = "no"; # this is managed through authorized keys
-          PasswordAuthentication = false;
-          KbdInteractiveAuthentication = false;
-        };
-      };
-    };
-
    networking.firewall = {
      enable = true;
      allowedTCPPortRanges = [
-        {
-          # ssh
-          from = 22;
-          to = 22;
-        }
+        # {
+        #   # ssh
+        #   from = 22;
+        #   to = 22;
+        # }
      ];
    };
  };
--- a/modules/sshd.nix
+++ b/modules/sshd.nix
@ -0,0 +1,13 @@
+{...}: {
+  config = {
+    services.openssh = {
+      enable = true;
+      openFirewall = true;
+      settings = {
+        PermitRootLogin = "without-password";
+        PasswordAuthentication = false;
+        KbdInteractiveAuthentication = false;
+      };
+    };
+  };
+}
--- a/modules/users/home-manager.nix
+++ b/modules/users/home-manager.nix
@ -13,53 +13,13 @@
      useUserPackages = true;
      useGlobalPkgs = true;

+      # defaults for users
+      sharedModules = import ./home-shared-modules.nix;
+
      users = {
        ronja = lib.mkIf (builtins.elem "ronja" config.my.enabledUsers) (import ./ronja-home.nix);
        vinzenz = lib.mkIf (builtins.elem "vinzenz" config.my.enabledUsers) (import ./vinzenz-home.nix);
      };
-
-      sharedModules = [
-        # set stateVersion
-        {home.stateVersion = "22.11";}
-        # make nano the default editor
-        {
-          home = {
-            sessionVariables.EDITOR = "nano";
-            file.".nanorc".text = lib.mkDefault ''
-              set linenumbers
-              set mouse
-            '';
-          };
-        }
-        # command line niceness
-        {
-          programs = {
-            command-not-found.enable = true;
-            dircolors.enable = true;
-
-            zsh = {
-              enable = true;
-              enableSyntaxHighlighting = true;
-              enableAutosuggestions = true;
-              enableVteIntegration = true;
-            };
-          };
-        }
-        # common git config
-        {
-          programs = {
-            git = {
-              enable = true;
-              extraConfig.init.defaultBranch = "main";
-            };
-
-            gh = {
-              enable = true;
-              enableGitCredentialHelper = true;
-            };
-          };
-        }
-      ];
    };
  };
 }
--- a/modules/users/home-shared-modules.nix
+++ b/modules/users/home-shared-modules.nix
@ -0,0 +1,44 @@
+[
+  # set stateVersion
+  {
+    home.stateVersion = "22.11";
+  }
+  # make nano the default editor
+  {
+    home = {
+      sessionVariables.EDITOR = "nano";
+      file.".nanorc".text = ''
+        set linenumbers
+        set mouse
+      '';
+    };
+  }
+  # command line niceness
+  {
+    programs = {
+      command-not-found.enable = true;
+      dircolors.enable = true;
+
+      zsh = {
+        enable = true;
+        enableSyntaxHighlighting = true;
+        enableAutosuggestions = true;
+        enableVteIntegration = true;
+      };
+    };
+  }
+  # common git config
+  {
+    programs = {
+      git = {
+        enable = true;
+        extraConfig.init.defaultBranch = "main";
+      };
+
+      gh = {
+        enable = true;
+        enableGitCredentialHelper = true;
+      };
+    };
+  }
+]
--- a/modules/users/vinzenz-home.nix
+++ b/modules/users/vinzenz-home.nix
@ -75,7 +75,6 @@

      extraConfig = {
        pull.ff = "only";
-        init.defaultBranch = "main";
        merge.tool = "kdiff3";
        push.autoSetupRemote = "true";
      };