Diffstat (limited to 'modules')
| -rw-r--r-- | modules/core/access/default.nix | 6 | ||||
| -rw-r--r-- | modules/core/access/mosh.nix | 6 | ||||
| -rw-r--r-- | modules/core/access/openssh.nix | 26 | ||||
| -rw-r--r-- | modules/core/default.nix | 6 | ||||
| -rw-r--r-- | modules/desktop/software/access/ssh.nix | 36 | ||||
| -rw-r--r-- | modules/server/networking/default.nix | 5 |
6 files changed, 43 insertions, 42 deletions
diff --git a/modules/core/access/default.nix b/modules/core/access/default.nix new file mode 100644 index 0000000..97fe989 --- /dev/null +++ b/modules/core/access/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./mosh.nix + ./openssh.nix + ]; +} diff --git a/modules/core/access/mosh.nix b/modules/core/access/mosh.nix new file mode 100644 index 0000000..c9af5bf --- /dev/null +++ b/modules/core/access/mosh.nix @@ -0,0 +1,6 @@ +{ + programs.mosh = { + enable = true; + openFirewall = false; + }; +} diff --git a/modules/core/access/openssh.nix b/modules/core/access/openssh.nix new file mode 100644 index 0000000..8128bfb --- /dev/null +++ b/modules/core/access/openssh.nix @@ -0,0 +1,26 @@ +{ + services.openssh = { + enable = true; + openFirewall = false; + + settings = { + StreamLocalBindUnlink = "yes"; + GatewayPorts = "clientspecified"; + + KexAlgorithms = [ + "curve25519-sha256" + "diffie-hellman-group16-sha512" + "diffie-hellman-group18-sha512" + "diffie-hellman-group-exchange-sha256" + ]; + + Macs = [ + ]; + }; + }; +} diff --git a/modules/core/default.nix b/modules/core/default.nix index a798030..e75e874 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -1,12 +1,8 @@ { imports = [ + ./access ./networking ./nix ./sops.nix ]; - - programs.mosh = { - enable = true; - openFirewall = false; - }; } diff --git a/modules/desktop/software/access/ssh.nix b/modules/desktop/software/access/ssh.nix index 665532f..b514049 100644 --- a/modules/desktop/software/access/ssh.nix +++ b/modules/desktop/software/access/ssh.nix 
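Review bot: In modules/core/access/openssh.nix the `settings` block pins key exchange and forwarding behaviour but, in the lines shown, leaves authentication at the module defaults, and it now applies to every host importing modules/core rather than only the desktop profile. If these are not set elsewhere, add `PasswordAuthentication = false;`, `KbdInteractiveAuthentication = false;` and `PermitRootLogin = "no";` next to `GatewayPorts`. `GatewayPorts = "clientspecified"` also lets a client request remote forwards bound to non-loopback addresses, which the server host presumably did not allow while it only set `enable` and `openFirewall`, so a short comment stating why it is needed (or keeping it in the desktop module) would help. As rendered here `Macs` is an empty list and the hunk shows fewer lines than its `@@ -0,0 +1,26 @@` header declares, so confirm the committed file still carries the intended MAC (and any further Kex) entries.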
@@ -3,37 +3,9 @@ programs.ssh.startAgent = false; security.pam.sshAgentAuth.enable = true; - services = { - fail2ban.jails.sshd.settings = { - enabled = true; - filter = "sshd[mode=aggressive]"; - port = lib.strings.concatStringsSep "," (map toString config.services.openssh.ports); - }; - - openssh = { - enable = true; - ports = [ 22 ]; - openFirewall = false; - - settings = { - StreamLocalBindUnlink = "yes"; - GatewayPorts = "clientspecified"; - - KexAlgorithms = [ - "curve25519-sha256" - "diffie-hellman-group16-sha512" - "diffie-hellman-group18-sha512" - "diffie-hellman-group-exchange-sha256" - ]; - - Macs = [ - ]; - }; - }; + services.fail2ban.jails.sshd.settings = { + enabled = true; + filter = "sshd[mode=aggressive]"; + port = lib.strings.concatStringsSep "," (map toString config.services.openssh.ports); }; } diff --git a/modules/server/networking/default.nix b/modules/server/networking/default.nix index 0446118..5a653b5 100644 --- a/modules/server/networking/default.nix +++ b/modules/server/networking/default.nix @@ -1,11 +1,6 @@ { imports = [ ./caddy.nix ]; - services.openssh = { - enable = true; - openFirewall = false; - }; - networking = { hostName = "himeji"; domain = ""; |
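Review bot: The sshd jail stays in modules/desktop/software/access/ssh.nix while sshd itself is now enabled from modules/core, so any host that takes core without the desktop profile runs sshd with no `services.fail2ban.jails.sshd` entry unless one is defined elsewhere. The server module loses its own `services.openssh` block in this same commit and appears to be such a host. Consider moving the jail definition into modules/core/access/openssh.nix so brute-force throttling follows the daemon. With `ports = [ 22 ];` gone, `port` now depends on the option default of `services.openssh.ports`; a comment such as `# follows services.openssh.ports (module default when unset)` would make that explicit. The module's argument list (`config`, `lib`) lies above the hunk.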