mirror of
https://github.com/Unkn0wnCat/dotfiles.git
synced 2025-05-22 11:36:08 +02:00
Update SSH configuration system
This commit is contained in:
parent
ee9830b87f
commit
b02db50513
2 changed files with 40 additions and 7 deletions
|
|
@ -84,7 +84,7 @@ in {
|
||||||
description = "Kevin Kandlbinder";
|
description = "Kevin Kandlbinder";
|
||||||
extraGroups = [ "wheel" "docker" "dialout" "networkmanager" ];
|
extraGroups = [ "wheel" "docker" "dialout" "networkmanager" ];
|
||||||
};
|
};
|
||||||
kevin.ssh.authorized.kevin = true;
|
kevin.ssh.authorized.kevin.users = ["kevin" "root"];
|
||||||
})
|
})
|
||||||
(mkIf (cfg.defaults == "desktop") {
|
(mkIf (cfg.defaults == "desktop") {
|
||||||
services.xserver.videoDrivers = [ "nvidia" ];
|
services.xserver.videoDrivers = [ "nvidia" ];
|
||||||
|
|
|
||||||
|
|
@ -2,20 +2,53 @@
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
cfg = config.kevin.ssh;
|
cfg = config.kevin.ssh;
|
||||||
|
authorizedOpts = {name, config, ...}: {
|
||||||
|
options = {
|
||||||
|
/*name = mkOption {
|
||||||
|
type = types.passwdEntry types.str;
|
||||||
|
description = "Name of the user. Must be the name of a directory in /etc/nixos/ssh";
|
||||||
|
};*/
|
||||||
|
users = mkOption {
|
||||||
|
type = with types; listOf types.str;
|
||||||
|
default = [];
|
||||||
|
example = [
|
||||||
|
"kevin"
|
||||||
|
"root"
|
||||||
|
];
|
||||||
|
description = "Accounts this SSH key should have access to";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
in {
|
in {
|
||||||
|
|
||||||
options.kevin.ssh = {
|
options.kevin.ssh = {
|
||||||
server.enable = mkEnableOption "kevins ssh";
|
server.enable = mkEnableOption "kevins ssh";
|
||||||
authorized.kevin = mkEnableOption "set authorized for kevin";
|
authorized = mkOption {
|
||||||
|
default = {};
|
||||||
|
type = with types; attrsOf (submodule authorizedOpts);
|
||||||
|
example = {
|
||||||
|
kevin = {
|
||||||
|
users = [ "kevin" "root" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
description = "Object containing users and the accounts they are authorized for.";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkMerge [
|
config = mkMerge [
|
||||||
(mkIf cfg.server.enable {
|
(mkIf cfg.server.enable {
|
||||||
kevin.networking.ssh.enable = true;
|
kevin.networking.ssh.enable = true;
|
||||||
})
|
})
|
||||||
(mkIf cfg.authorized.kevin {
|
{
|
||||||
users.users."kevin".openssh.authorizedKeys.keyFiles = [
|
users.users = mkMerge (map (name: (
|
||||||
/etc/nixos/ssh/kevin/authorized_keys
|
mkMerge (
|
||||||
|
map (user: {
|
||||||
|
"${user}".openssh.authorizedKeys.keyFiles = [
|
||||||
|
"/etc/nixos/ssh/${name}/authorized_keys"
|
||||||
];
|
];
|
||||||
})
|
}) cfg.authorized."${name}".users
|
||||||
|
)
|
||||||
|
)) (attrNames cfg.authorized));
|
||||||
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue