Switch to flake-based configuration

2025-05-10 06:46:36 +02:00 · 2023-02-27 13:34:57 +00:00 · 2023-02-27 13:34:57 +00:00 · f17713236d
commit f17713236d
parent fad1c56a56
25 changed files with 578 additions and 216 deletions
--- a/nixos/modules/ssh.nix
+++ b/nixos/modules/ssh.nix
@ -0,0 +1,60 @@
+{ lib, pkgs, config, ... }:
+with lib;                      
+let
+  cfg = config.kevin.ssh;
+  authorizedOpts = {name, config, ...}: {
+    options = {
+      users = mkOption {
+        type = with types; listOf types.str;
+        default = [];
+        example = [
+          "kevin"
+          "root"
+        ];
+        description = "Accounts this SSH key should have access to";
+      };
+    };
+  };
+in {
+
+  options.kevin.ssh = {
+    server.enable = mkEnableOption "kevins ssh";
+    authorized = mkOption {
+      default = {};
+      type = with types; attrsOf (submodule authorizedOpts);
+      example = {
+        kevin = {
+          users = [ "kevin" "root" ];
+        };
+      };
+      description = "Object containing users and the accounts they are authorized for.";
+    };
+  };
+
+  config = mkMerge [
+    (mkIf cfg.server.enable {
+      services.openssh = {
+        enable = true;
+        # require public key authentication for better security
+        settings = {
+          PasswordAuthentication = false;
+          KbdInteractiveAuthentication = false;
+        };
+        #permitRootLogin = "yes";
+      };
+      
+      networking.firewall.allowedTCPPorts = [ 22 ];
+    })
+    {
+      users.users = mkMerge (map (name: (
+        mkMerge (
+          map (user: {
+            "${user}".openssh.authorizedKeys.keyFiles = [
+              "/etc/nixos/ssh/${name}/authorized_keys"
+            ];
+          }) cfg.authorized."${name}".users
+        )
+      )) (attrNames cfg.authorized));
+    }
+  ];
+}