author | azahi <azat@bahawi.net> | 2024-11-10 01:08:38 +0300 |
---|---|---|
committer | azahi <azat@bahawi.net> | 2024-11-10 01:08:38 +0300 |
commit | 693768ee37098dbebb38c86e27044f2faa38348d (patch) | |
tree | 37c92a1c83cf22fa5e5a570baa8598ba6063c795 /modules/openssh.nix | |
parent | 2024-10-29 (diff) |
Diffstat (limited to 'modules/openssh.nix')
-rw-r--r-- | modules/openssh.nix | 33 |
1 files changed, 16 insertions, 17 deletions
diff --git a/modules/openssh.nix b/modules/openssh.nix index 470b6c9..a41f0d6 100644 --- a/modules/openssh.nix +++ b/modules/openssh.nix @@ -4,26 +4,25 @@ pkgs, ... }: -with lib; let cfg = config.nixfiles.modules.openssh; in { options.nixfiles.modules.openssh = { - client.enable = mkEnableOption "OpenSSH client"; + client.enable = lib.mkEnableOption "OpenSSH client"; server = { - enable = mkEnableOption "OpenSSH server"; + enable = lib.mkEnableOption "OpenSSH server"; - port = mkOption { + port = lib.mkOption { description = "OpenSSH server port."; - type = types.port; + type = lib.types.port; default = 22022; # Port 22 should be occupied by a tarpit. }; }; }; - config = mkMerge [ - (mkIf cfg.client.enable { + config = lib.mkMerge [ + (lib.mkIf cfg.client.enable { hm = { home.packages = with pkgs; [ mosh @@ -49,11 +48,11 @@ in { hostname ? name, port ? 22022, # NOTE This is not the default OpenSSH port. - user ? my.username, - identityFile ? "${config.my.home}/.ssh/${my.username}_${my.ssh.type}", + user ? lib.my.username, + identityFile ? "${config.my.home}/.ssh/${lib.my.username}_${lib.my.ssh.type}", extraAttrs ? { }, }: - nameValuePair name ( + lib.nameValuePair name ( { inherit hostname 
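Review bot: The literal `22022` appears twice on the new side: as the `default` of the `port` option in the first hunk and as `port ? 22022` in the `mkBlock` arguments of the second hunk. Changing one without the other would leave the generated client host blocks pointing at a port the servers no longer listen on. A single `let` binding such as `defaultPort = 22022;`, used as `default = defaultPort;` and `port ? defaultPort,`, would keep the two in step. The option `description` could also state that port 22 is deliberately left to the tarpit, since that reasoning currently lives only in a trailing comment. `mkBlock` starts and ends outside the second hunk.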
@@ -65,23 +64,23 @@ in // extraAttrs ); - internalServers = mapAttrs' mkBlock ( - mapAttrs (name: _: { hostname = "${name}.${my.domain.shire}"; }) ( - filterAttrs (_: attr: hasAttr "wireguard" attr && attr.isHeadless) my.configurations + internalServers = lib.mapAttrs' mkBlock ( + lib.mapAttrs (name: _: { hostname = "${name}.${lib.my.domain.shire}"; }) ( + lib.filterAttrs (_: attr: lib.hasAttr "wireguard" attr && attr.isHeadless) lib.my.configurations ) ); in internalServers - // (mapAttrs' mkBlock { + // (lib.mapAttrs' mkBlock { gitolite = { user = "git"; - hostname = "git.${my.domain.shire}"; + hostname = "git.${lib.my.domain.shire}"; }; }); }; }; }) - (mkIf cfg.server.enable { + (lib.mkIf cfg.server.enable { ark.files = [ "/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key.pub" @@ -101,7 +100,7 @@ in KbdInteractiveAuthentication = false; MaxAuthTries = 3; PasswordAuthentication = false; - PermitRootLogin = mkForce "no"; + PermitRootLogin = lib.mkForce "no"; }; }; |
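Review bot: In the `internalServers` filter, `attr.isHeadless` is read unguarded, so evaluation will abort for any entry of `lib.my.configurations` that has `wireguard` but no `isHeadless`. Whether every entry defines it is not visible from this hunk. `lib.filterAttrs (_: attr: attr ? wireguard && (attr.isHeadless or false)) lib.my.configurations` guards that case and uses the `?` operator in place of `lib.hasAttr`. A one-line comment that every headless WireGuard host gets a client block with the non-default port and per-user identity file would also help, since this filter decides which machines that applies to.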
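Review bot: `PermitRootLogin = lib.mkForce "no";` in the last hunk has no comment saying what it overrides, and `mkForce` takes priority over definitions made at normal priority elsewhere. A short why-comment such as `# mkForce: no other module or profile may re-enable root login over SSH` would make the intent reviewable next to `PasswordAuthentication = false` and `MaxAuthTries = 3`. The settings attrset begins and ends outside this hunk, so other hardening options may already be set there.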