feat(nixos): Enable SSH server on PC

hosts/pc/default.nix

@@ -4,6 +4,7 @@
     ../../nixos-modules/desktop_environment.nix
     ../../nixos-modules/_1password.nix
     ../../nixos-modules/allowed-unfree.nix
+    ../../nixos-modules/sshd.nix
     ./hardware-configuration.nix
   ];
   boot.loader.efi.efiSysMountPoint = "/boot/efi";

hosts/server/default.nix

@@ -29,6 +29,7 @@
     ./containers.nix
     ./wireguard.nix
     ./gotify.nix
+    ../../nixos-modules/sshd.nix
   ];
 
   powerManagement.cpuFreqGovernor = "performance";
@@ -40,18 +41,6 @@
       efi.efiSysMountPoint = "/boot";
     };
   };
-  services = {
-    fail2ban.enable = true;
-    openssh = {
-      enable = true;
-      settings = {
-        # only allow SSH key auth
-        PasswordAuthentication = false;
-        PermitRootLogin = "no";
-        AllowUsers = [ "mat" ];
-      };
-    };
-  };
 
   # enable vaapi on OS-level
   nixpkgs.config.packageOverrides = pkgs: {

nixos-modules/common.nix

@@ -107,9 +107,6 @@
           "podman"
           "dialout" # to connect to arduino
         ];
-        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDsT6GLG7sY8YKX7JM+jqS3EAti3YMzwHKWViveqkZvu"
-        ];
       };
     };
   };

nixos-modules/sshd.nix

@@ -0,0 +1,18 @@
+{
+  services = {
+    fail2ban.enable = true;
+    openssh = {
+      enable = true;
+      settings = {
+        # only allow SSH key auth
+        PasswordAuthentication = false;
+        PermitRootLogin = "no";
+        AllowUsers = [ "mat" ];
+      };
+    };
+  };
+
+  user.users.mat.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDsT6GLG7sY8YKX7JM+jqS3EAti3YMzwHKWViveqkZvu"
+  ];
+}