From 2091fb1fdc2ca0c4d288b70bda52e557feb336cf Mon Sep 17 00:00:00 2001
From: TheWanderingCrow
Date: Sun, 25 May 2025 21:12:43 -0400
Subject: [PATCH] work
---
hosts/common/core/sops.nix | 17 +++++++++++++++++
hosts/common/core/ssh.nix | 19 +++++++++++++++++++
2 files changed, 36 insertions(+)
create mode 100644 hosts/common/core/sops.nix
create mode 100644 hosts/common/core/ssh.nix
diff --git a/hosts/common/core/sops.nix b/hosts/common/core/sops.nix
new file mode 100644
index 0000000..2e1a03b
--- /dev/null
+++ b/hosts/common/core/sops.nix
@@ -0,0 +1,17 @@
+{
+ pkgs,
+ lib,
+ inputs,
+ config,
+ ...
+}: let
+ sopsFolder = builtins.toString inputs.nix-secrets + "/sops";
+in {
+ sops = {
+ defaultSopsFile = "${sopsFolder}/${config.hostSpec.hostName}.yaml";
+ validateSopsFiles = false;
+ age = {
+ sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+ };
+ };
+}
diff --git a/hosts/common/core/ssh.nix b/hosts/common/core/ssh.nix
new file mode 100644
index 0000000..7bc87fe
--- /dev/null
+++ b/hosts/common/core/ssh.nix
@@ -0,0 +1,19 @@
+{
+ inputs,
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ programs.ssh = {
+ startAgent = true;
+ };
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ };
+ };
+}
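Review bot: `validateSopsFiles = false;` in hosts/common/core/sops.nix turns off the build-time check of the sops file, so a host whose `${config.hostSpec.hostName}.yaml` is missing from the nix-secrets input, or lacks a declared key, would presumably fail only when secrets are decrypted at activation. If the setting is needed because `defaultSopsFile` is built as a string rather than a path, say so directly above it, e.g. `# validation off: defaultSopsFile is a string into inputs.nix-secrets, so it is checked only at activation`; otherwise drop the line so the default validation runs. Separately, `sshKeyPaths` makes the host's ed25519 private key the decryption identity for every secret in that file, which deserves a one-line comment since rotating the host key then also requires re-encrypting the secrets. The `pkgs` and `lib` arguments are unused in this file.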
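Review bot: The `settings` block in hosts/common/core/ssh.nix disables `PasswordAuthentication` but leaves keyboard-interactive authentication at its default, which NixOS enables as far as I know; whether that path can still prompt for a password depends on the PAM configuration, which is not visible here. Adding `KbdInteractiveAuthentication = false;` next to `PasswordAuthentication = false;` makes key-only login explicit instead of dependent on the PAM stack. `programs.ssh.startAgent = true;` sits under common/core, so it presumably applies to every host including servers; a short comment on why each host needs an agent would help. The `inputs`, `config`, `lib` and `pkgs` arguments are unused in this file.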