Diffstat (limited to 'modules/openssh.nix')
-rw-r--r--modules/openssh.nix33
1 files changed, 16 insertions, 17 deletions
diff --git a/modules/openssh.nix b/modules/openssh.nix
index 470b6c9..a41f0d6 100644
--- a/modules/openssh.nix
+++ b/modules/openssh.nix
@@ -4,26 +4,25 @@
   pkgs,
   ...
 }:
-with lib;
 let
   cfg = config.nixfiles.modules.openssh;
 in
 {
   options.nixfiles.modules.openssh = {
-    client.enable = mkEnableOption "OpenSSH client";
+    client.enable = lib.mkEnableOption "OpenSSH client";
     server = {
-      enable = mkEnableOption "OpenSSH server";
+      enable = lib.mkEnableOption "OpenSSH server";
 
-      port = mkOption {
+      port = lib.mkOption {
         description = "OpenSSH server port.";
-        type = types.port;
+        type = lib.types.port;
         default = 22022; # Port 22 should be occupied by a tarpit.
       };
     };
   };
 
-  config = mkMerge [
-    (mkIf cfg.client.enable {
+  config = lib.mkMerge [
+    (lib.mkIf cfg.client.enable {
       hm = {
         home.packages = with pkgs; [
           mosh
@@ -49,11 +48,11 @@ in
                 {
                   hostname ? name,
                   port ? 22022, # NOTE This is not the default OpenSSH port.
-                  user ? my.username,
-                  identityFile ? "${config.my.home}/.ssh/${my.username}_${my.ssh.type}",
+                  user ? lib.my.username,
+                  identityFile ? "${config.my.home}/.ssh/${lib.my.username}_${lib.my.ssh.type}",
                   extraAttrs ? { },
                 }:
-                nameValuePair name (
+                lib.nameValuePair name (
                   {
                     inherit
                       hostname
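Review bot: The `port ? 22022` default in what appears to be mkBlock's argument set repeats the literal used as `default` for the `server.port` option in the first hunk, so the two can drift apart and the generated client blocks would then target a port the servers no longer listen on. Binding the value once in the top-level `let`, e.g. `defaultPort = 22022;`, and writing `default = defaultPort;` and `port ? defaultPort,` keeps both sides in step. `cfg.server.port` is probably not the right source for the client default, since it reflects only the local host's setting. The function starts above this hunk and its body continues past it.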
@@ -65,23 +64,23 @@ in
                   // extraAttrs
                 );
 
-              internalServers = mapAttrs' mkBlock (
-                mapAttrs (name: _: { hostname = "${name}.${my.domain.shire}"; }) (
-                  filterAttrs (_: attr: hasAttr "wireguard" attr && attr.isHeadless) my.configurations
+              internalServers = lib.mapAttrs' mkBlock (
+                lib.mapAttrs (name: _: { hostname = "${name}.${lib.my.domain.shire}"; }) (
+                  lib.filterAttrs (_: attr: lib.hasAttr "wireguard" attr && attr.isHeadless) lib.my.configurations
                 )
               );
             in
             internalServers
-            // (mapAttrs' mkBlock {
+            // (lib.mapAttrs' mkBlock {
               gitolite = {
                 user = "git";
-                hostname = "git.${my.domain.shire}";
+                hostname = "git.${lib.my.domain.shire}";
               };
             });
         };
       };
     })
-    (mkIf cfg.server.enable {
+    (lib.mkIf cfg.server.enable {
       ark.files = [
         "/etc/ssh/ssh_host_ed25519_key"
         "/etc/ssh/ssh_host_ed25519_key.pub"
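Review bot: The filter on the `internalServers` lines reads `attr.isHeadless` unguarded, so an entry in `lib.my.configurations` that has `wireguard` but no `isHeadless` would abort evaluation instead of being skipped; whether such entries exist is not visible here. `lib.hasAttr "wireguard" attr` can also be written with the `?` operator, which drops one qualified call: `lib.filterAttrs (_: attr: attr ? wireguard && (attr.isHeadless or false)) lib.my.configurations`. The enclosing `let` and the `lib.mkIf cfg.server.enable` block both extend beyond this hunk.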
@@ -101,7 +100,7 @@ in
             KbdInteractiveAuthentication = false;
             MaxAuthTries = 3;
             PasswordAuthentication = false;
-            PermitRootLogin = mkForce "no";
+            PermitRootLogin = lib.mkForce "no";
           };
         };
 
