refactor(hosts): use modules/ssh with sensible defaults

hosts/andromache/default.nix

@@ -35,7 +35,7 @@ in
     ../../modules/audio
     ../../modules/localization
     ../../modules/fonts
-    ../../modules/ssh/hardened-openssh.nix
+    ../../modules/ssh
     ../../modules/storage
     ../../modules/stylix
     (import ../../modules/secrets { inherit lib inputs config; })
@@ -111,16 +111,9 @@ in
     ];
   };
 
-  services = {
+  services.locate = {
-    locate = {
+    enable = true;
-      enable = true;
+    package = pkgs.plocate;
-      package = pkgs.plocate;
-    };
-
-    openssh = {
-      enable = true;
-      harden = true;
-    };
   };
 
   networking = {

hosts/astyanax/default.nix

@@ -34,7 +34,7 @@ in
     ../../modules/users
     ../../modules/localization
     ../../modules/fonts
-    ../../modules/ssh/hardened-openssh.nix
+    ../../modules/ssh
     ../../modules/storage
     ../../modules/stylix
     (import ../../modules/secrets { inherit lib inputs config; })
@@ -100,10 +100,6 @@ in
 
   services = {
     fwupd.enable = true;
-    openssh = {
-      enable = true;
-      harden = true;
-    };
     locate = {
       enable = true;
       package = pkgs.plocate;

hosts/eetion-02/default.nix

@@ -10,7 +10,7 @@ in
 {
   imports = [
     ./hard.nix
-    ../../modules/ssh/hardened-openssh.nix
+    ../../modules/ssh
   ];
 
   ssh = {
@@ -59,13 +59,6 @@ in
 
   security.sudo.wheelNeedsPassword = false;
 
-  services = {
-    openssh = {
-      enable = true;
-      harden = true;
-    };
-  };
-
   environment.systemPackages = with pkgs; [
     vim
     git

hosts/eetion/default.nix

@@ -10,7 +10,7 @@ in
 {
   imports = [
     ./hard.nix
-    ../../modules/ssh/hardened-openssh.nix
+    ../../modules/ssh
   ];
 
   ssh = {
@@ -52,11 +52,6 @@ in
   security.sudo.wheelNeedsPassword = false;
 
   services = {
-    openssh = {
-      enable = true;
-      harden = true;
-    };
-
     paperless = {
       enable = true;
       passwordFile = "/etc/paperless-admin-pass";

hosts/hecuba/default.nix

@@ -15,7 +15,7 @@ in
     inputs.disko.nixosModules.disko
     ../../modules/common
     ./hard.nix
-    ../../modules/ssh/hardened-openssh.nix
+    ../../modules/ssh
     ../../modules/docker
     ../../modules/uptime-kuma
   ];
@@ -78,9 +78,4 @@ in
     enable = true;
     maxretry = 5;
   };
-
-  services.openssh = {
-    enable = true;
-    harden = true;
-  };
 }

hosts/vm/default.nix

@@ -24,7 +24,7 @@ in
     ../../modules/localization
     ../../modules/x
     ../../modules/fonts
-    ../../modules/ssh/hardened-openssh.nix
+    ../../modules/ssh
     ../../modules/storage
     (import ../../modules/secrets {
       inherit lib inputs config;
@@ -63,9 +63,5 @@ in
   services = {
     qemuGuest.enable = true;
     spice-vdagentd.enable = true;
-    openssh = {
-      enable = true;
-      harden = true;
-    };
   };
 }

images/sd-image-orange-pi-aarch64.nix

@@ -12,7 +12,7 @@ let
 in
 {
   imports = [
-    ../modules/ssh/hardened-openssh.nix
+    ../modules/ssh
   ];
 
   ssh.username = username;
@@ -37,21 +37,5 @@ in
 
   security.sudo.wheelNeedsPassword = false;
 
-  services.openssh = {
-    enable = true;
-    harden = true;
-  };
-
-  # sdImage.postBuildCommands =
-  #   let
-  #     bootloaderPackage = pkgs.ubootOrangePiZero2;
-  #     bootloaderSubpath = "/u-boot-sunxi-with-spl.bin";
-  #   in
-  #   ''
-  #     dd if=${bootloaderPackage}${bootloaderSubpath} of=$img \
-  #       bs=8 seek=1024 \
-  #       conv=notrunc
-  #   '';
-
   system.stateVersion = "26.05";
 }

images/sd-image-raspberry-pi-aarch64.nix

@@ -12,7 +12,7 @@ let
 in
 {
   imports = [
-    ../modules/ssh/hardened-openssh.nix
+    ../modules/ssh
   ];
 
   ssh.username = username;
@@ -60,11 +60,6 @@ in
 
   security.sudo.wheelNeedsPassword = false;
 
-  services.openssh = {
-    enable = true;
-    harden = true;
-  };
-
   environment.systemPackages = with pkgs; [
     libraspberrypi
   ];