dotfiles/modules/nixos/services/openssh/default.nix

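# NixOS module wrapping services.openssh behind `aa.services.openssh`.
#
# When enabled it turns on sshd with password logins disabled and installs
# `authorizedKeys` for the account configured through `aa.user.extraOptions`.
#
# Arguments:
#   config - the evaluated system configuration (read for aa.services.openssh).
#   lib    - nixpkgs lib (option and module helpers).
#   format - build target name; only compared against "install-iso" here.
#            NOTE(review): presumably injected by the flake framework or image
#            generator in use; confirm where it comes from.
{
  config,
  lib,
  format,
  ...
}: let
  inherit (lib) mkIf mkEnableOption mkOption mkDefault types;

  cfg = config.aa.services.openssh;

  # Fallback public key used when a host does not set `authorizedKeys`.
  # Any host that enables this module without overriding the option grants
  # login to the holder of the matching private key, so review this value
  # whenever the module is reused or the key is rotated.
  default-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmPdQcM0KCQ3YunF1gwN+B+i1Q8KrIfiUvNtgFQjTy2";
in {
  options.aa.services.openssh = {
    enable = mkEnableOption "ssh";

    # Public keys written to the user's authorized keys (see config below).
    authorizedKeys = mkOption {
      type = types.listOf types.str;
      default = [default-key];
      description = "The public keys to authorize";
    };
  };

  config = mkIf cfg.enable {
    services.openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;

        # sshd treats keyboard-interactive as a separate method from
        # "password"; with PAM it can still prompt for a password. Disable it
        # as well so that logins are key-only. mkDefault keeps it overridable
        # for hosts that need an interactive second factor.
        KbdInteractiveAuthentication = mkDefault false;

        # Root login is allowed only on the installer image and is a
        # mkDefault, so a host can still tighten or relax it.
        # NOTE(review): the keys below are assigned through aa.user, not
        # visibly to root; confirm how root is expected to authenticate on
        # the install ISO.
        PermitRootLogin = mkDefault (
          if format == "install-iso"
          then "yes"
          else "no"
        );
      };
    };

    # Authorize the configured keys for the account managed by aa.user.
    aa.user.extraOptions = {
      openssh.authorizedKeys.keys = cfg.authorizedKeys;
    };
  };
}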