Skip to content

sshd 🔹

Enables secure remote access to the machine over ssh.

Categories

System
Network

This module will setup the opensshd service. It will generate a host key for each machine

Roles

Usage via Inventory

Roles

This module can be used via predefined roles

- `server`
- `client`

Every role has its own configuration options. Which are each listed below.

For more information, see the inventory guide.

Example

For example the admin module adds the following options globally to all machines where it is used.

clan.admin.allowedkeys

This means there are two equivalent ways to set the allowedkeys option. Either via a nixos module or via the inventory interface. But it is recommended to keep together imports and config to preserve locality of the module configuration.

clan-core.lib.buildClan {
    inventory.services = {
        admin.me = {
            roles.default.machines = [ "jon" ];
            config.allowedkeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD..." ];
        };
    };
};

clan-core.lib.buildClan {
    machines = {
        jon = {
            clan.admin.allowedkeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD..." ];
            imports = [ clanModules.admin ];
        };
    };
};

Options of server role

The following options are available when using the server role.

clan.sshd.certificate.searchDomains

List of domains to include in the certificate. This option will prepend the machine name in front of each domain before adding it to the certificate.

Type: list of string

Default:

[ ]
Example 
[
  "mydomain.com"
]

shared.nix

Options of client role

The following options are available when using the client role.

clan.sshd.certificate.searchDomains

List of domains to include in the certificate. This option will prepend the machine name in front of each domain before adding it to the certificate.

Type: list of string

Default:

[ ]
Example 
[
  "mydomain.com"
]

shared.nix

Usage via Nix

This module can be also imported directly in your nixos configuration. Although it is recommended to use the inventory interface if available.

Some modules are considered 'low-level' or 'expert modules' and are not available via the inventory interface.

{config, lib, inputs, ...}: {
    imports = [ inputs.clan-core.clanModules.sshd ];
    # ...
}

Module Options

The following options are available for this module.

clan.sshd.certificate.searchDomains

List of domains to include in the certificate. This option will prepend the machine name in front of each domain before adding it to the certificate.

Type: list of string

Default:

[ ]
Example 
[
  "mydomain.com"
]

shared.nix