move services

modules/nixos/services/openssh.nix

@@ -0,0 +1,39 @@
+{
+  config,
+  lib,
+  ...
+}:
+{
+  options = {
+    osbmModules.enableOpenssh = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Enable OpenSSH service";
+    };
+  };
+
+  config = lib.mkMerge [
+    (lib.mkIf config.osbmModules.enableOpenssh {
+      services.openssh = {
+        enable = true;
+        startWhenNeeded = true;
+        settings = {
+          PermitRootLogin = "no";
+
+          # only allow key based logins and not password
+          PasswordAuthentication = false;
+          KbdInteractiveAuthentication = false;
+          AuthenticationMethods = "publickey";
+          PubkeyAuthentication = "yes";
+          ChallengeResponseAuthentication = "no";
+          UsePAM = false;
+
+          # kick out inactive sessions
+          ClientAliveCountMax = 5;
+          ClientAliveInterval = 60;
+        };
+      };
+
+    })
+  ];
+}