yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Files
7629f497f5429e424ed6fd781b83804d98d4a3d0
clan-core/clanServices/sshd
History
Michael Hoang e43779f8d6 clanServices: remove useless importApply
2025-09-16 16:07:54 +02:00
..
tests/vm
checks: fix some tests not named correctly
2025-06-30 19:50:16 +07:00
default.nix
treewide: reformat
2025-08-08 15:28:37 +10:00
flake-module.nix
clanServices: remove useless importApply
2025-09-16 16:07:54 +02:00
README.md
clanServices/sshd: add README
2025-07-07 13:54:26 +10:00

README.md

The sshd Clan service manages SSH to make it easy to securely access your machines over the internet. The service uses vars to store the SSH host keys for each machine to ensure they remain stable across deployments.

sshd also generates SSH certificates for both servers and clients allowing for certificate-based authentication for SSH.

The service also disables password-based authentication over SSH, to access your machines you'll need to use public key authentication or certificate-based authentication.

Usage

{
  inventory.instances = {
    # By default this service only generates ed25519 host keys
    sshd-basic = {
      module = {
        name = "sshd";
        input = "clan-core";
      };
      roles.server.tags.all = { };
      roles.client.tags.all = { };
    };

    # Also generate RSA host keys for all servers
    sshd-with-rsa = {
      module = {
        name = "sshd";
        input = "clan-core";
      };
      roles.server.tags.all = { };
      roles.server.settings = {
        hostKeys.rsa.enable = true;
      };
      roles.client.tags.all = { };
    };
  };
}