mirror of
https://github.com/CHN-beta/nixos.git
synced 2024-10-23 17:08:46 +08:00
36 lines
925 B
Nix
36 lines
925 B
Nix
|
inputs:
|
||
|
|
{
|
||
|
|
options.nixos.services.sshd = let inherit (inputs.lib) mkOption types; in
|
||
|
|
{
|
||
|
|
enable = mkOption { type = types.bool; default = false; };
|
||
|
|
passwordAuthentication = mkOption { type = types.bool; default = false; };
|
||
|
|
};
|
||
|
|
config =
|
||
|
|
let
|
||
|
|
inherit (inputs.lib) mkIf;
|
||
|
|
inherit (inputs.config.nixos.services) sshd;
|
||
|
|
in mkIf sshd.enable
|
||
|
|
{
|
||
|
|
services.openssh =
|
||
|
|
{
|
||
|
|
enable = true;
|
||
|
|
settings =
|
||
|
|
{
|
||
|
|
X11Forwarding = true;
|
||
|
|
TrustedUserCAKeys = "${./ssh-ca.pub}";
|
||
|
|
ChallengeResponseAuthentication = false;
|
||
|
|
PasswordAuthentication = sshd.passwordAuthentication;
|
||
|
|
KbdInteractiveAuthentication = false;
|
||
|
|
UsePAM = true;
|
||
|
|
};
|
||
|
|
extraConfig =
|
||
|
|
''
|
||
|
|
Match User root
|
||
|
|
PasswordAuthentication no
|
||
|
|
Match User chn
|
||
|
|
PasswordAuthentication no
|
||
|
|
'';
|
||
|
|
};
|
||
|
|
};
|
||
|
|
}
|