From bd2744df1856c8df8843d6ceb717d4ab1bd4171a Mon Sep 17 00:00:00 2001
From: Thomas Boerger <thomas@webhippie.de>
Date: Wed, 15 Feb 2023 09:11:13 +0100
Subject: [PATCH] fix: replace deprecated options for openssh

---
 shared/services/openssh/default.nix | 41 ++++++++++++++++-------------
 1 file changed, 22 insertions(+), 19 deletions(-)

diff --git a/shared/services/openssh/default.nix b/shared/services/openssh/default.nix
index ce14bd1..ded1f2f 100644
--- a/shared/services/openssh/default.nix
+++ b/shared/services/openssh/default.nix
@@ -23,28 +23,31 @@ in
       openssh = {
         enable = true;
         openFirewall = true;
-        permitRootLogin = "yes";
 
-        ciphers = [
-          "chacha20-poly1305@openssh.com"
-          "aes256-gcm@openssh.com"
-          "aes256-ctr"
-          "aes128-gcm@openssh.com"
-        ];
+        settings = {
+          PermitRootLogin = "yes";
 
-        macs = [
-          "umac-128-etm@openssh.com"
-          "hmac-sha2-256-etm@openssh.com"
-          "hmac-sha2-512-etm@openssh.com"
-          "hmac-sha2-512"
-        ];
+          Ciphers = [
+            "chacha20-poly1305@openssh.com"
+            "aes256-gcm@openssh.com"
+            "aes256-ctr"
+            "aes128-gcm@openssh.com"
+          ];
 
-        kexAlgorithms = [
-          "curve25519-sha256@libssh.org"
-          "diffie-hellman-group16-sha512"
-          "diffie-hellman-group18-sha512"
-          "curve25519-sha256"
-        ];
+          Macs = [
+            "umac-128-etm@openssh.com"
+            "hmac-sha2-256-etm@openssh.com"
+            "hmac-sha2-512-etm@openssh.com"
+            "hmac-sha2-512"
+          ];
+
+          KexAlgorithms = [
+            "curve25519-sha256@libssh.org"
+            "diffie-hellman-group16-sha512"
+            "diffie-hellman-group18-sha512"
+            "curve25519-sha256"
+          ];
+        };
       };
     };
   };