nix/modules/ssh.nix


1
2
3
4
5
6
7
8
9
10
11
12
13

{ config, lib, ... }:
{
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      AllowUsers = [ config.monorepo.vars.userName "git" ];
      PermitRootLogin = "no";
      KbdInteractiveAuthentication = false;
    };
  };
  networking.firewall.allowedTCPPorts = lib.mkIf config.services.openssh.enable [ 22 ];
}