From 733f46d70a8dcb278b37672a1990f3a8ad8419c2 Mon Sep 17 00:00:00 2001
From: Antoine Martin <antoine@alarsyo.net>
Date: Mon, 14 Nov 2022 23:46:17 +0100
Subject: [PATCH] base: centralize openssh settings

---
 base/programs.nix          | 8 ++++++++
 hosts/boreal/default.nix   | 6 +-----
 hosts/hades/default.nix    | 2 --
 hosts/poseidon/default.nix | 2 --
 hosts/zephyrus/default.nix | 6 +-----
 5 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/base/programs.nix b/base/programs.nix
index 91d4ebf..194a371 100644
--- a/base/programs.nix
+++ b/base/programs.nix
@@ -8,6 +8,14 @@
     bandwhich.enable = true;
   };
 
+  services.openssh = {
+    passwordAuthentication = false;
+    permitRootLogin = "no";
+    extraConfig = ''
+      StreamLocalBindUnlink yes
+    '';
+  };
+
   environment.systemPackages = builtins.attrValues {
     inherit
       (pkgs)
diff --git a/hosts/boreal/default.nix b/hosts/boreal/default.nix
index 6661e08..7241b8a 100644
--- a/hosts/boreal/default.nix
+++ b/hosts/boreal/default.nix
@@ -79,11 +79,7 @@
   };
 
   services = {
-    openssh = {
-      enable = true;
-      permitRootLogin = "no";
-      passwordAuthentication = false;
-    };
+    openssh.enable = true;
   };
   my.gui = {
     enable = true;
diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix
index d573e98..cb6b639 100644
--- a/hosts/hades/default.nix
+++ b/hosts/hades/default.nix
@@ -126,8 +126,6 @@ in {
 
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
-  services.openssh.permitRootLogin = "no";
-  services.openssh.passwordAuthentication = false;
 
   virtualisation.docker.enable = true;
 
diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix
index 037db1e..30fc071 100644
--- a/hosts/poseidon/default.nix
+++ b/hosts/poseidon/default.nix
@@ -89,8 +89,6 @@ in {
 
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
-  services.openssh.permitRootLogin = "no";
-  services.openssh.passwordAuthentication = false;
 
   # Takes a long while to build
   documentation.nixos.enable = false;
diff --git a/hosts/zephyrus/default.nix b/hosts/zephyrus/default.nix
index b6f4440..dbfd570 100644
--- a/hosts/zephyrus/default.nix
+++ b/hosts/zephyrus/default.nix
@@ -85,11 +85,7 @@
       };
     };
     fwupd.enable = true;
-    openssh = {
-      enable = true;
-      permitRootLogin = "no";
-      passwordAuthentication = false;
-    };
+    openssh.enable = true;
   };
   my.gui.enable = true;