Main

Modules/System/Application/cli/openssh.nix

@@ -1,3 +1,17 @@
+# OpenSSH (System Module)
+#
+# Provides:
+#   - OpenSSH server (sshd) service
+#
+# Options:
+#   - enable          → Enable OpenSSH system module
+#   - passwordAuth    → Allow password authentication (default: false)
+#   - permitRootLogin → Permit root login (default: "no")
+#
+# Notes:
+#   - By default, password authentication is disabled for better security
+#   - Root login is disabled unless explicitly enabled
+
 { config, lib, pkgs, ... }:
 
 let
@@ -5,16 +19,29 @@ let
 in
 {
   options.nyx-module.system.openssh = {
-    enable = lib.mkEnableOption "Enable openssh (system) module";
+    enable = lib.mkEnableOption "Enable OpenSSH (system module)";
 
-    package = lib.mkOption {
-      type = lib.types.package;
-      default = pkgs.openssh;
-      description = "Package to install for openssh.";
+    passwordAuth = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Whether to allow password authentication.";
+    };
+
+    permitRootLogin = lib.mkOption {
+      type = lib.types.str;
+      default = "no";
+      example = "prohibit-password";
+      description = "Whether to permit root login via SSH.";
     };
   };
 
   config = lib.mkIf cfg.enable {
-    environment.systemPackages = [ cfg.package ];
+    services.openssh = {
+      enable = true;
+      settings = {
+        PasswordAuthentication = cfg.passwordAuth;
+        PermitRootLogin = cfg.permitRootLogin;
+      };
+    };
   };
 }