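# NixOS module: key-only OpenSSH server for the configured system user, plus
# per-host SSH client entries (home-manager `programs.ssh.matchBlocks`)
# generated from `chuj.stuff.ssh.keys`.
{ lib, pkgs, config, ...}: let
  inherit (lib) elemAt splitString mapAttrs' mkIf mkEnableOption mkOption;

  cfg = config.chuj.stuff.ssh;
  user = config.chuj.system.user;

  # Split a "user@host" attribute name from `keys` into its two halves.
  # A name without "@" used to fail inside elemAt with a bare index error;
  # throw a message that names the offending key instead.
  # As before, anything after a second "@" is ignored.
  parseTarget = target: let
    parts = splitString "@" target;
  in
    if builtins.length parts < 2
    then throw "chuj.stuff.ssh.keys: expected a \"user@host\" attribute name, got \"${target}\""
    else {
      user = elemAt parts 0;
      host = elemAt parts 1;
    };
in {
  options.chuj.stuff.ssh = {
    enable = mkEnableOption "ssh";

    keys = mkOption {
      type = lib.types.attrs;
      default = {};
      description = ''
        Outgoing SSH client entries, keyed by "user@host". Each value needs
        `file` (name of the private key under ~/.ssh/keys/) and may carry
        `env` (attribute set passed to the match block's setEnv).
      '';
    };

    authKeys = mkOption {
      type = lib.types.listOf lib.types.str;
      default = [];
      description = ''
        Public keys allowed to log in as the configured system user.
        Password login is disabled by this module, so an empty list leaves
        that user without SSH access unless keys are provided elsewhere.
      '';
    };
  };

  config = mkIf cfg.enable {
    services.openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        # PasswordAuthentication alone does not cover keyboard-interactive,
        # which can still prompt for a password through PAM. Disable it too
        # so that public keys are the only accepted credential.
        KbdInteractiveAuthentication = false;
      };
    };

    # Public keys only; private keys never pass through this module.
    users.users.${user}.openssh.authorizedKeys.keys = cfg.authKeys;

    home-manager.users.${user}.programs.ssh = {
      enable = true;
      matchBlocks = mapAttrs'
        (target: hostcfg: let
          parsed = parseTarget target;
        in {
          name = parsed.host;
          value = {
            user = parsed.user;
            # Only the key's path is referenced, so no key material is
            # copied into the Nix store.
            # NOTE(review): IdentitiesOnly is not set, so ssh may still offer
            # other agent keys to this host -- consider identitiesOnly = true.
            identityFile = "~/.ssh/keys/${hostcfg.file}";
            # `env` is optional; fall back to an empty set when it is absent.
            setEnv = hostcfg.env or {};
          };
        }) cfg.keys;
    };
  };
}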