old
1{
2 lib,
3 config,
4 ...
5}: let
6 hostName = config.modules.currentHost;
7in {
8 # Or disable the firewall altogether.
9 networking.firewall.enable = lib.mkDefault false;
10 # Enable the OpenSSH daemon.
11 services.openssh = {
12 enable = true;
13 ports = config.modules.my-hosts.${hostName}.sshPorts;
14 settings = {
15 # root user is used for remote deployment.
16 PermitRootLogin = "prohibit-password";
17 PasswordAuthentication = false; # disable password login
18 };
19 openFirewall = true;
20 hostKeys = [
21 {
22 path = "/etc/ssh/ssh_host_ed25519_key";
23 type = "ed25519";
24 }
25 ];
26 };
27
28 # Add terminfo database of all known terminals to the system profile.
29 # https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/config/terminfo.nix
30 environment.enableAllTerminfo = true;
31}