modules: move shared pc modules from desktop to pc

3 files changed, 35 insertions, 0 deletions

diff --git a/modules/pc/software/access/default.nix b/modules/pc/software/access/default.nix
new file mode 100644
index 0000000..32d5500
--- /dev/null
+++ b/modules/pc/software/access/default.nix
@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./gnupg.nix
+    ./ssh.nix
+  ];
+}
diff --git a/modules/pc/software/access/gnupg.nix b/modules/pc/software/access/gnupg.nix
new file mode 100644
index 0000000..e60da30
--- /dev/null
+++ b/modules/pc/software/access/gnupg.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+    pinentryPackage = pkgs.pinentry-curses;
+    enableExtraSocket = true;
+    enableBrowserSocket = true;
+
+    settings = {
+      enable-ssh-support = "";
+      ttyname = "$GPG_TTY";
+      default-cache-ttl = 34560000; # 60
+      max-cache-ttl = 34560000; # 120
+      allow-loopback-pinentry = "";
+    };
+  };
+}
diff --git a/modules/pc/software/access/ssh.nix b/modules/pc/software/access/ssh.nix
new file mode 100644
index 0000000..b514049
--- /dev/null
+++ b/modules/pc/software/access/ssh.nix
@@ -0,0 +1,11 @@
+{ lib, config, ... }:
+{
+  programs.ssh.startAgent = false;
+  security.pam.sshAgentAuth.enable = true;
+
+  services.fail2ban.jails.sshd.settings = {
+    enabled = true;
+    filter = "sshd[mode=aggressive]";
+    port = lib.strings.concatStringsSep "," (map toString config.services.openssh.ports);
+  };
+}