From 27bb3fe3ba32c7721ff3517384a744948ffb645a Mon Sep 17 00:00:00 2001
From: Petru Paler
Date: Fri, 30 Jun 2023 10:21:31 +0100
Subject: [PATCH] Split sshd module.
---
 hosts/common/compute-node.nix | 23 +----------------------
 hosts/common/sshd.nix | 23 +++++++++++++++++++++++
 2 files changed, 24 insertions(+), 22 deletions(-)
 create mode 100644 hosts/common/sshd.nix
diff --git a/hosts/common/compute-node.nix b/hosts/common/compute-node.nix
index 55804a4..3b50079 100644
--- a/hosts/common/compute-node.nix
+++ b/hosts/common/compute-node.nix
@@ -2,6 +2,7 @@
 {
 imports = [
 ./impermanence.nix
+ ./sshd.nix
 ./user-ppetru.nix
 ];
@@ -31,28 +32,6 @@
 vim
 ];
- services.openssh = {
- enable = true;
- allowSFTP = false;
- settings = {
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- };
- extraConfig = ''
- AllowTcpForwarding yes
- X11Forwarding no
- AllowAgentForwarding no
- AllowStreamLocalForwarding no
- AuthenticationMethods publickey
- '';
- };
-
- networking.firewall = {
- enable = true;
- allowedTCPPorts = [ 22 ];
- allowedUDPPorts = [ ];
- };
-
 system.copySystemConfiguration = false; # not supported with flakes
 # This value determines the NixOS release from which the default
diff --git a/hosts/common/sshd.nix b/hosts/common/sshd.nix
new file mode 100644
index 0000000..cf97546
--- /dev/null
+++ b/hosts/common/sshd.nix
@@ -0,0 +1,23 @@
+{
+ services.openssh = {
+ enable = true;
+ allowSFTP = false;
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ };
+ extraConfig = ''
+ AllowTcpForwarding yes
+ X11Forwarding no
+ AllowAgentForwarding no
+ AllowStreamLocalForwarding no
+ AuthenticationMethods publickey
+ '';
+ };
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 22 ];
+ allowedUDPPorts = [ ];
+ };
+}
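Review bot: In the new `hosts/common/sshd.nix`, `AllowTcpForwarding yes` is the one permissive directive in an otherwise locked-down `extraConfig`, and as a shared module every host that imports it now inherits it without any stated reason. A comment above that line such as `# TCP forwarding is intentionally left on for <use case>; agent, X11 and stream-local forwarding stay off` would record the intent, or the value could be narrowed to `local` if remote forwards are not needed. The module also leaves `PermitRootLogin` unset, so the NixOS default applies (I believe `prohibit-password`, which still allows root key logins; worth confirming); if that is not intended, add `PermitRootLogin = "no";` under `settings`. Finally, the file named for sshd now also owns `networking.firewall.enable` and the empty `allowedUDPPorts`, which reads as host firewall policy rather than sshd configuration and may surprise a host that imports it only for SSH.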