Servers: Remove RSA SSH keys

2024-12-10 12:59:37 +01:00 · 2024-12-10 12:59:37 +01:00 · 4cca387389
commit 4cca387389
parent 6555e2008e
2 changed files with 21 additions and 12 deletions
--- a/modules/common/network.nix
+++ b/modules/common/network.nix
@ -1,9 +1,29 @@
-{ lib, config, ... }:
+{ lib, ... }:
 with lib;
 {
  config = {
    networking.networkmanager.enable = true;
    networking.useDHCP = mkDefault true;
    networking.firewall.enable = true;
+
+    services.openssh = {
+      enable = true;
+      settings = {
+        StrictModes = true;
+        PasswordAuthentication = false;
+        KbdInteractiveAuthentication = false;
+        PermitEmptyPasswords = "no";
+      };
+
+      openFirewall = true;
+
+      hostKeys = [
+        {
+          comment = "Main key";
+          path = "/etc/ssh/ssh_host_ed25519_key";
+          type = "ed25519";
+        }
+      ];
+    };
  };
 }
--- a/modules/server/network.nix
+++ b/modules/server/network.nix
@ -2,20 +2,9 @@
 with lib;
 {
  config = {
-    services.openssh = {
-      enable = true;
-      settings = {
-        StrictModes = true;
-        PasswordAuthentication = false;
-        KbdInteractiveAuthentication = false;
-        PermitEmptyPasswords = "no";
-      };
-    };
-
    networking.firewall.allowedTCPPorts = [
      (mkIf config.services.nginx.enable 80)
      (mkIf config.services.nginx.enable 443)
-      (mkIf config.services.openssh.enable 22)
    ];
  };
 }