hosts/common/programs: Add ssh config

hosts/common/programs/default.nix

@@ -0,0 +1,3 @@
+{ imports = [
+  ./ssh.nix
+];}

hosts/common/programs/ssh.nix

@@ -0,0 +1,25 @@
+{
+  programs.ssh = {
+    ciphers = [
+      "chacha20-poly1305@openssh.com"
+      "aes256-gcm@openssh.com"
+      "aes128-gcm@openssh.com"
+      "aes256-ctr"
+      "aes192-ctr"
+      "aes128-ctr"
+    ];
+    macs = [
+      "umac-128-etm@openssh.com"
+      "hmac-sha2-256-etm@openssh.com"
+      "hmac-sha2-512-etm@openssh.com"
+    ];
+    kexAlgorithms = [
+      # Experimental, disabled for now.
+      # "sntrup761x25519-sha512@openssh.com"
+      "curve25519-sha256"
+      "curve25519-sha256@libssh.org"
+      # Disabled for being 2048-bit
+      # "diffie-hellman-group-exchange-sha256"
+    ];
+  };
+}

hosts/default.nix

@@ -3,6 +3,7 @@
   ./common/nixConfig.nix
   ./common/nixpkgsConfig.nix
   ./common/packages.nix
+  ./common/programs
   ./common/root.nix
   ./common/services
   ./common/ssh.nix