move out openssh and docker and configure openssh

hosts/tartarus/configuration.nix

@@ -70,7 +70,6 @@ in {
 
   # Enable touchpad support (enabled default in most desktopManager).
   # services.xserver.libinput.enable = true;
-  virtualisation.docker.enable = true;
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
   users.users.osbm = {
@@ -103,9 +102,6 @@ in {
 
   # List services that you want to enable:
 
-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-
   # Open ports in the firewall.
   # networking.firewall.allowedTCPPorts = [ ... ];
   # networking.firewall.allowedUDPPorts = [ ... ];

hosts/ymir/configuration.nix

@@ -128,8 +128,6 @@ in {
   # Enable touchpad support (enabled default in most desktopManager).
   # services.xserver.libinput.enable = true;
 
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  virtualisation.docker.enable = true;
 
   users.users = {
     osbm = {
@@ -192,8 +190,7 @@ in {
 
   # List services that you want to enable:
 
-  # Enable the OpenSSH daemon.
+
-  services.openssh.enable = true;
 
   # Open ports in the firewall.
   # networking.firewall.allowedTCPPorts = [ ... ];

modules/common-packages.nix

@@ -75,4 +75,29 @@
       package = pkgs.nix-direnv;
     };
   };
+
+  virtualisation.docker.enable = true;
+
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+    enable = true;
+    startWhenNeeded = true;
+    settings = {
+      PermitRootLogin = "no";
+
+      # only allow key based logins and not password
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+      AuthenticationMethods = "publickey";
+      PubkeyAuthentication = "yes";
+      ChallengeResponseAuthentication = "no";
+      UsePAM = false;
+
+
+      # kick out inactive sessions
+      ClientAliveCountMax = 5;
+      ClientAliveInterval = 60;
+    };
+  };
+
 }