feat: configure openssh

Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>

hosts/common/global/default.nix

@@ -13,6 +13,7 @@
 
     ./locale.nix
     ./nh.nix
+    ./openssh.nix
   ];
 
   home-manager.useGlobalPkgs = true;

hosts/common/global/openssh.nix

@@ -0,0 +1,29 @@
+# adapted from github.com:Misterio77/nix-config
+{ outputs, lib, config, ...}:
+
+let
+  hosts = lib.attrNames outputs.nixosConfigurations;
+in {
+  services.openssh = {
+    enable = true;
+
+    # Harden
+    settings = {
+      PasswordAuthentication = false;
+      PermitRootLogin = "no";
+
+      # Automatically remove stale sockets
+      StreamLocalBindUnlink = "yes";
+      # Allow forwarding ports to everywhere
+      GatewayPorts = "clientspecified";
+    };
+
+    hostKeys = [
+      {
+        path = "/etc/ssh/ssh_host_ed25519_key";
+        type = "ed25519";
+        rounds = 100;
+      }
+    ];
+  };
+}