From 1e67729be04b72e6c580ec7bcb4657ced96dd4d8 Mon Sep 17 00:00:00 2001
From: Infinidoge
Date: Sun, 12 May 2024 00:01:53 -0400
Subject: [PATCH] global/security: move ssh config to global/ssh
---
 modules/global/security.nix | 26 --------------------------
 modules/global/ssh.nix | 29 +++++++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 26 deletions(-)
 create mode 100644 modules/global/ssh.nix
diff --git a/modules/global/security.nix b/modules/global/security.nix
index 5d07a80..77fc15f 100644
--- a/modules/global/security.nix
+++ b/modules/global/security.nix
@@ -34,32 +34,6 @@ with lib;
 # Allow non-root users to allow other users to access mount point
 programs.fuse.userAllowOther = mkDefault true;
- # For rage encryption, all hosts need a ssh key pair
- services.openssh = {
- enable = true;
- openFirewall = mkDefault true;
- settings = {
- X11Forwarding = mkDefault false;
- GatewayPorts = mkDefault "yes";
- };
- hostKeys = mkDefault [{
- path = "/etc/ssh/ssh_host_ed25519_key";
- type = "ed25519";
- }];
- };
-
- programs.ssh = {
- extraConfig = with config.common; ''
- Host rsync.net
- Hostname ${rsyncnet.host}
- User ${rsyncnet.user}
-
- Host admin.rsync.net
- Hostname ${rsyncnet.host}
- User ${rsyncnet.account}
- '';
- };
-
 services.nginx = {
 statusPage = true;
 recommendedTlsSettings = true;
diff --git a/modules/global/ssh.nix b/modules/global/ssh.nix
new file mode 100644
index 0000000..03a5083
--- /dev/null
+++ b/modules/global/ssh.nix
@@ -0,0 +1,29 @@
+{ config, lib, ... }:
+with lib;
+{
+ # For rage encryption, all hosts need a ssh key pair
+ services.openssh = {
+ enable = true;
+ openFirewall = mkDefault true;
+ settings = {
+ X11Forwarding = mkDefault false;
+ GatewayPorts = mkDefault "yes";
+ };
+ hostKeys = mkDefault [{
+ path = "/etc/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }];
+ };
+
+ programs.ssh = {
+ extraConfig = with config.common; ''
+ Host rsync.net
+ Hostname ${rsyncnet.host}
+ User ${rsyncnet.user}
+
+ Host admin.rsync.net
+ Hostname ${rsyncnet.host}
+ User ${rsyncnet.account}
+ '';
+ };
+}
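Review bot: `GatewayPorts = mkDefault "yes";` in `services.openssh.settings` makes sshd bind remote port forwards on all interfaces instead of loopback, and because this is a global module it becomes the default on every host. The only comment in the block explains the host key (needed for rage), not why forwarded ports should be network-reachable. Unless every host needs this, default to `GatewayPorts = mkDefault "no";` (or `"clientspecified"`) and opt in per host, with a comment naming the use case. The block also enables sshd with `openFirewall = mkDefault true` but sets no authentication policy; if `PasswordAuthentication` and `PermitRootLogin` are not pinned elsewhere in the repository (not visible in this patch), set them here, e.g. `PasswordAuthentication = mkDefault false;`.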