Update SSH configuration system

2025-05-22 03:26:09 +02:00 · 2023-01-04 15:12:41 +01:00 · 2023-01-04 15:12:41 +01:00 · b02db50513
commit b02db50513
parent ee9830b87f
2 changed files with 40 additions and 7 deletions
--- a/nixos/modules/kevin/default.nix
+++ b/nixos/modules/kevin/default.nix
@ -84,7 +84,7 @@ in {
        description = "Kevin Kandlbinder";
        extraGroups = [ "wheel" "docker" "dialout" "networkmanager" ]; 
      };
-      kevin.ssh.authorized.kevin = true;
+      kevin.ssh.authorized.kevin.users = ["kevin" "root"];
    })
    (mkIf (cfg.defaults == "desktop") {
      services.xserver.videoDrivers = [ "nvidia" ];
--- a/nixos/modules/kevin/ssh.nix
+++ b/nixos/modules/kevin/ssh.nix
@ -2,20 +2,53 @@
 with lib;                      
 let
  cfg = config.kevin.ssh;
+  authorizedOpts = {name, config, ...}: {
+    options = {
+      /*name = mkOption { 
+        type = types.passwdEntry types.str;
+        description = "Name of the user. Must be the name of a directory in /etc/nixos/ssh";
+      };*/
+      users = mkOption {
+        type = with types; listOf types.str;
+        default = [];
+        example = [
+          "kevin"
+          "root"
+        ];
+        description = "Accounts this SSH key should have access to";
+      };
+    };
+  };
 in {
+
  options.kevin.ssh = {
    server.enable = mkEnableOption "kevins ssh";
-    authorized.kevin = mkEnableOption "set authorized for kevin";
+    authorized = mkOption {
+      default = {};
+      type = with types; attrsOf (submodule authorizedOpts);
+      example = {
+        kevin = {
+          users = [ "kevin" "root" ];
+        };
+      };
+      description = "Object containing users and the accounts they are authorized for.";
+    };
  };

  config = mkMerge [
    (mkIf cfg.server.enable {
      kevin.networking.ssh.enable = true;
    })
-    (mkIf cfg.authorized.kevin {
-      users.users."kevin".openssh.authorizedKeys.keyFiles = [
-        /etc/nixos/ssh/kevin/authorized_keys
-      ];
-    })
+    {
+      users.users = mkMerge (map (name: (
+        mkMerge (
+          map (user: {
+            "${user}".openssh.authorizedKeys.keyFiles = [
+              "/etc/nixos/ssh/${name}/authorized_keys"
+            ];
+          }) cfg.authorized."${name}".users
+        )
+      )) (attrNames cfg.authorized));
+    }
  ];
 }