From 241c98eb325e39840b34d382abd7f9963eab8d88 Mon Sep 17 00:00:00 2001
From: Craige McWhirter <craige@mcwhirter.io>
Date: Wed, 11 Dec 2019 00:44:55 +1000
Subject: [PATCH] Added attributes for openssh

---
 roles/openssh.nix | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 roles/openssh.nix

diff --git a/roles/openssh.nix b/roles/openssh.nix
new file mode 100644
index 0000000..9d214fb
--- /dev/null
+++ b/roles/openssh.nix
@@ -0,0 +1,21 @@
+# SSH service configuration common to all hosts
+
+{ config, pkgs, lib, ... }:
+
+{
+
+  services.openssh = {
+    enable = true;          # Enable the OpenSSH daemon.
+    permitRootLogin = "without-password";
+    challengeResponseAuthentication = false;
+    passwordAuthentication = false;
+    openFirewall = true;
+    hostKeys = [
+      {
+        path = "/etc/ssh/ssh_host_ed25519_key";
+        type = "ed25519";
+      }
+    ];
+  };
+
+}