base: centralize openssh settings

base/programs.nix

@@ -8,6 +8,14 @@
     bandwhich.enable = true;
   };
 
+  services.openssh = {
+    passwordAuthentication = false;
+    permitRootLogin = "no";
+    extraConfig = ''
+      StreamLocalBindUnlink yes
+    '';
+  };
+
   environment.systemPackages = builtins.attrValues {
     inherit
       (pkgs)

hosts/boreal/default.nix

@@ -79,11 +79,7 @@
   };
 
   services = {
-    openssh = {
+    openssh.enable = true;
-      enable = true;
-      permitRootLogin = "no";
-      passwordAuthentication = false;
-    };
   };
   my.gui = {
     enable = true;

hosts/hades/default.nix

@@ -126,8 +126,6 @@ in {
 
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
-  services.openssh.permitRootLogin = "no";
-  services.openssh.passwordAuthentication = false;
 
   virtualisation.docker.enable = true;
 

hosts/poseidon/default.nix

@@ -89,8 +89,6 @@ in {
 
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
-  services.openssh.permitRootLogin = "no";
-  services.openssh.passwordAuthentication = false;
 
   # Takes a long while to build
   documentation.nixos.enable = false;

hosts/zephyrus/default.nix

@@ -85,11 +85,7 @@
       };
     };
     fwupd.enable = true;
-    openssh = {
+    openssh.enable = true;
-      enable = true;
-      permitRootLogin = "no";
-      passwordAuthentication = false;
-    };
   };
   my.gui.enable = true;