Allow SSH access to end-user machines

This is useful for communicating between the two laptops.
author: Timo Wilken 2023-11-21 22:55:31 +0100
committer: Timo Wilken 2023-11-21 22:57:29 +0100
commit: adfbf841b0095496e7dc836f58139cf3a0997857 (patch)
tree: 22ebc6c168ad4bfb001f1f6ead11fda11f4c385a /tw/system/frm.scm
parent: 839723165e48e077378aa94a779fc32a0496e6b4 (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/tw/system/frm.scm b/tw/system/frm.scm
index 9d5c815d..e52ff1a1 100644
--- a/tw/system/frm.scm
+++ b/tw/system/frm.scm
@@ -29,7 +29,8 @@
                      kerberos linux mtools pulseaudio search shells tls wm xorg)
 
 (use-service-modules admin authentication avahi base cups dbus desktop docker
-                     kerberos linux mcron networking pm shepherd syncthing vpn xorg)
+                     kerberos linux mcron networking pm shepherd ssh syncthing
+                     vpn xorg)
 
 (define efi-system-partition          ; /dev/nvme0n1p1
   (uuid "D8C7-2624" 'fat))
@@ -321,6 +322,14 @@ These are actually Mediatek MT7922 chips.")
         (secrets-configuration
          (host-key "/etc/secrets.key")))  ; we have no SSH host keys, so use a custom key
 
+      (service openssh-service-type
+        (openssh-configuration
+         (x11-forwarding? #t)
+         (permit-root-login #f)
+         (password-authentication? #f)
+         (authorized-keys
+          `(("timo" ,(local-file "files/timo.pub"))))))
+
       (modify-services (append %system-channel-services %desktop-services)
         ;; Let sane find the airscan backend. ipp-usb needs to be running separately.
         (sane-service-type _ => sane-backends/airscan)
author	Timo Wilken	2023-11-21 22:55:31 +0100
committer	Timo Wilken	2023-11-21 22:57:29 +0100
commit	adfbf841b0095496e7dc836f58139cf3a0997857 (patch)
tree	22ebc6c168ad4bfb001f1f6ead11fda11f4c385a /tw/system/frm.scm
parent	839723165e48e077378aa94a779fc32a0496e6b4 (diff)