Commit 2aeb4af

HPCesia <me@hpcesia.com>
2025-07-13 12:56:29
feat: ssh config
1 parent 333b59b
Changed files (4)
modules/nixos/base/networking.nix
@@ -13,23 +13,6 @@
     };
   };
 
-  networking.firewall = {
-    allowedTCPPortRanges = [
-      {
-        # KDE Connect
-        from = 1714;
-        to = 1764;
-      }
-    ];
-    allowedUDPPortRanges = [
-      {
-        # KDE Connect
-        from = 1714;
-        to = 1764;
-      }
-    ];
-  };
-
   # Use an NTP server located in the mainland of China to synchronize the system time
   networking.timeServers = [
     "ntp.aliyun.com" # Aliyun NTP Server
modules/nixos/base/ssh.nix
@@ -0,0 +1,18 @@
+{lib, ...}: {
+  # Or disable the firewall altogether.
+  networking.firewall.enable = lib.mkDefault false;
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+    enable = true;
+    settings = {
+      # root user is used for remote deployment.
+      PermitRootLogin = "prohibit-password";
+      PasswordAuthentication = false; # disable password login
+    };
+    openFirewall = true;
+  };
+
+  # Add terminfo database of all known terminals to the system profile.
+  # https://github.com/NixOS/nixpkgs/blob/nixos-25.05/nixos/modules/config/terminfo.nix
+  environment.enableAllTerminfo = true;
+}
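Review bot: `networking.firewall.enable = lib.mkDefault false;` in a base module switches the host firewall off on every machine that imports it, which makes the `openFirewall = true;` a few lines below effectively a no-op and also leaves the KDE Connect port ranges this same commit stops whitelisting in networking.nix reachable on hosts that do not override the default. Keeping the firewall on and letting the openssh module open port 22 is the safer default: `networking.firewall.enable = lib.mkDefault true;`, or simply drop that line together with the "Or disable the firewall altogether." comment, which reads like a leftover from a manual snippet rather than a decision made here. Separately, `PasswordAuthentication = false` alone does not rule out password prompts, because sshd's keyboard-interactive path is independent and, as far as I recall, NixOS leaves it enabled by default; add `KbdInteractiveAuthentication = false;` next to it in `settings` so the "disable password login" comment is actually true. A short why-comment on the firewall line stating which hosts are expected to override it would also help the next reader.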
modules/nixos/base/user-group.nix
@@ -28,5 +28,6 @@
   # root's ssh key are mainly used for remote deployment
   users.users.root = {
     inherit (myvars) initialHashedPassword;
+    openssh.authorizedKeys.keys = myvars.sshAuthorizedKeys;
   };
 }
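Review bot: `openssh.authorizedKeys.keys = myvars.sshAuthorizedKeys;` grants every key in the shared list root login on each host that imports this module, so a compromise of that single workstation key is root everywhere, and with PermitRootLogin set to prohibit-password in this commit these keys are the only remote root path. Consider pointing root at a dedicated deployment key instead of the general-purpose list, or restricting the entry with `from=`/`command=` options, and record the trust decision in the comment above, e.g. `# Any key listed here is root on every host importing this module; keep it to deployment keys.` The enclosing attribute set starts outside this hunk.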
vars/default.nix
@@ -5,4 +5,8 @@
   networking = import ./networking.nix {inherit lib;};
   # generated by `mkpasswd -m scrypt`
   initialHashedPassword = "$7$CU..../....xQnray7Ah6GYybfmtsxmF.$k0F/eaOC2.9gXwXp0jgMrFM.fnMtFqYi3GZFaaJGsl3";
+  # Public Keys that can be used to login to all my PC and servers.
+  sshAuthorizedKeys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIyxd+nyK9cnULmzXIMhE1/rIB3VMsJ6SuWV4Ha8oE0F hpcesia@kevin"
+  ];
 }