Split out ssh configuration

modules/system/ssh.nix

@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+#with lib.my;
+with lib;
+let
+  this = config.my.system.ssh;
+  publicKey = pkgs.fetchurl {
+    url = "https://github.com/jamesepatrick.keys";
+    sha256 = "sha256-alm6KRFca4VjzTyVEg+j1s0uKaSfvV76o3sgYNAisSA=";
+  };
+in {
+  options.my = {
+    system.ssh.enable = mkOption {
+      default = true;
+      type = with types; bool;
+    };
+  };
+
+  config = mkIf this.enable {
+    # Openssh settings for security
+    services.openssh = {
+      enable = true;
+      permitRootLogin = "no";
+      passwordAuthentication = false;
+    };
+
+    users.users.james.openssh.authorizedKeys.keyFiles = [ publicKey ];
+  };
+}

profiles/minimal.nix

@@ -1,10 +1,6 @@
 { inputs, config, pkgs, ... }:
 
 let
-  publicKey = pkgs.fetchurl {
-    url = "https://github.com/jamesepatrick.keys";
-    sha256 = "sha256-alm6KRFca4VjzTyVEg+j1s0uKaSfvV76o3sgYNAisSA=";
-  };
 in {
 
   imports = [
@@ -45,7 +41,6 @@ in {
       extraGroups = [ "wheel" "systemd-journal" ];
       initialPassword = "nixos";
       isNormalUser = true;
-      openssh.authorizedKeys.keyFiles = [ publicKey ];
       shell = pkgs.zsh;
     };
   };
@@ -70,10 +65,4 @@ in {
     enableSSHSupport = true;
   };
 
-  # Openssh settings for security
-  services.openssh = {
-    enable = true;
-    permitRootLogin = "no";
-    passwordAuthentication = false;
-  };
 }