You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
server/nix/nixos-modules/sshSecurity.nix

34 lines
513 B
Nix

{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.openssh;
in
{
options = {
services.openssh.authorizedKeysOnly = lib.mkEnableOption ''
only logins using ssh keys (improving over default settings)
'';
};
config = lib.mkIf cfg.enable {
services.openssh = {
settings = {
KbdInteractiveAuthentication = lib.mkIf cfg.authorizedKeysOnly false;
PasswordAuthentication = lib.mkIf cfg.authorizedKeysOnly false;
};
};
};
# TODO add tests
}