diff --git a/nixos/modules/kevin/default.nix b/nixos/modules/kevin/default.nix
index 3533f89..308714c 100644
--- a/nixos/modules/kevin/default.nix
+++ b/nixos/modules/kevin/default.nix
@@ -84,7 +84,7 @@ in {
 description = "Kevin Kandlbinder";
 extraGroups = [ "wheel" "docker" "dialout" "networkmanager" ];
 };
- kevin.ssh.authorized.kevin = true;
+ kevin.ssh.authorized.kevin.users = ["kevin" "root"];
 })
 (mkIf (cfg.defaults == "desktop") {
 services.xserver.videoDrivers = [ "nvidia" ];
diff --git a/nixos/modules/kevin/ssh.nix b/nixos/modules/kevin/ssh.nix
index 718f811..54fb5c2 100644
--- a/nixos/modules/kevin/ssh.nix
+++ b/nixos/modules/kevin/ssh.nix
@@ -2,20 +2,53 @@
 with lib;
 let
 cfg = config.kevin.ssh;
+ authorizedOpts = {name, config, ...}: {
+ options = {
+ /*name = mkOption {
+ type = types.passwdEntry types.str;
+ description = "Name of the user. Must be the name of a directory in /etc/nixos/ssh";
+ };*/
+ users = mkOption {
+ type = with types; listOf types.str;
+ default = [];
+ example = [
+ "kevin"
+ "root"
+ ];
+ description = "Accounts this SSH key should have access to";
+ };
+ };
+ };
 in {
+
 options.kevin.ssh = {
 server.enable = mkEnableOption "kevins ssh";
- authorized.kevin = mkEnableOption "set authorized for kevin";
+ authorized = mkOption {
+ default = {};
+ type = with types; attrsOf (submodule authorizedOpts);
+ example = {
+ kevin = {
+ users = [ "kevin" "root" ];
+ };
+ };
+ description = "Object containing users and the accounts they are authorized for.";
+ };
 };
 config = mkMerge [
 (mkIf cfg.server.enable {
 kevin.networking.ssh.enable = true;
 })
- (mkIf cfg.authorized.kevin {
- users.users."kevin".openssh.authorizedKeys.keyFiles = [
- /etc/nixos/ssh/kevin/authorized_keys
- ];
- })
+ {
+ users.users = mkMerge (map (name: (
+ mkMerge (
+ map (user: {
+ "${user}".openssh.authorizedKeys.keyFiles = [
+ "/etc/nixos/ssh/${name}/authorized_keys"
+ ];
+ }) cfg.authorized."${name}".users
+ )
+ )) (attrNames cfg.authorized));
+ }
 ];
 }
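Review bot: Adding `"root"` to `kevin.ssh.authorized.kevin.users` installs the same key file for direct root login, which the previous `= true` did not do. Whether sshd accepts it depends on the root-login setting, which is not visible in this diff; in current NixOS `services.openssh.settings.PermitRootLogin` defaults to `prohibit-password`, which still allows key-based root logins. Since `kevin` is already in `wheel`, consider `kevin.ssh.authorized.kevin.users = [ "kevin" ];` so privileged access goes through sudo and stays attributable, or add a comment stating why direct root access is required. The enclosing `mkIf` block starts outside the hunk.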
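Review bot: In ssh.nix the attribute name under `kevin.ssh.authorized` is interpolated unchecked into `"/etc/nixos/ssh/${name}/authorized_keys"`, so which key file is installed for an account (root included) depends on an arbitrary string, where the old code used one fixed path literal. The commented-out `name` option already states the constraint ("Must be the name of a directory in /etc/nixos/ssh"); I would enforce it with an `assertions` entry that rejects names not matching a plain pattern such as `[a-z0-9_-]+` via `builtins.match`, and delete the commented block rather than ship it. The `users` description should also say that listing `root` grants direct root login with that key. As style, the `name` argument of `authorizedOpts` is unused, `listOf types.str` inside `with types;` can be `listOf str`, and the nested `map` over `attrNames` reads more simply as `mapAttrsToList (name: entry: ...) cfg.authorized` using `entry.users`.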