feat: automate SSH config ('known_hosts', 'authorized_keys' ...)

modules/ssh/hardened-openssh.nix

@@ -4,9 +4,17 @@ let
   cfg = config.services.openssh;
 in
 {
+  imports = [
+    ./known-hosts.nix
+    ./authorized-keys.nix
+    ./extract-keys.nix
+  ];
+
   options.services.openssh.harden = mkEnableOption "harden ssh server configuration";
+
   config = {
     networking.firewall.allowedTCPPorts = [ 22 ];
+
     services.openssh.settings = optionalAttrs cfg.harden {
       PermitRootLogin = "no";
       PasswordAuthentication = false;