22 lines
501 B
Nix
22 lines
501 B
Nix
{ config, lib, ... }:
|
|
{
|
|
services.openssh = {
|
|
enable = true;
|
|
|
|
ports = [ 2168 ];
|
|
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
KbdInteractiveAuthentication = false;
|
|
};
|
|
|
|
# Prevents sshd from reading the user's ~/.ssh/authorized_keys file so that
|
|
# keys must be declared in the NixOS configuration.
|
|
authorizedKeysInHomedir = false;
|
|
};
|
|
|
|
environment.persistence."/persistence".files = lib.map (
|
|
hostKey: hostKey.path
|
|
) config.services.openssh.hostKeys;
|
|
}
|