nix/modules/stuff/ssh.nix

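# NixOS module for `chuj.stuff.ssh`.
#
# When enabled it does three things at once:
#   1. turns on the OpenSSH server with password authentication disabled,
#   2. installs `authKeys` as the authorized keys of the configured system user,
#   3. generates per-host SSH client match blocks for that user via home-manager.
{ lib, pkgs, config, ... }:
let
  inherit (lib) elemAt splitString mapAttrs' mkIf mkEnableOption mkOption;

  cfg = config.chuj.stuff.ssh;
  user = config.chuj.system.user;

  # Turn one `keys` entry ("user@host" -> { file, env? }) into a
  # home-manager match block named after the host part.
  mkMatchBlock = host: hostcfg:
    let
      parts = splitString "@" host;
    in
    # Without an "@" the lookup of element 1 would abort evaluation with an
    # opaque index error; fail with a message that names the bad key instead.
    if builtins.length parts < 2 then
      throw "chuj.stuff.ssh.keys: attribute name \"${host}\" must have the form \"user@host\""
    else {
      name = elemAt parts 1;
      value = {
        user = elemAt parts 0;
        # Only a path is written here; the private key itself is not
        # provisioned by this module and must already exist under ~/.ssh/keys/.
        # NOTE(review): without `identitiesOnly = true` the client may still
        # offer other agent keys to this host before the pinned one - confirm
        # whether that is intended.
        identityFile = "~/.ssh/keys/${hostcfg.file}";
        # NOTE(review): these values are rendered into the generated SSH client
        # config, which presumably lives in the world-readable Nix store - do
        # not put secrets in `env`.
        setEnv = hostcfg.env or {};
      };
    };
in
{
  options.chuj.stuff.ssh = {
    enable = mkEnableOption "ssh";

    keys = mkOption {
      # Untyped attrs: a missing `file` attribute only surfaces when the
      # match block is evaluated.
      type = lib.types.attrs;
      default = {};
      description = ''
        Client-side host entries keyed by "user@host". Each value must set
        `file` (key file name under ~/.ssh/keys/) and may set `env`
        (attribute set passed to SetEnv).
      '';
    };

    authKeys = mkOption {
      type = lib.types.listOf lib.types.str;
      default = [];
      description = ''
        Public keys allowed to log in as the configured system user.
      '';
    };
  };

  config = mkIf cfg.enable {
    services.openssh = {
      enable = true;
      # NOTE(review): this disables only the "password" method.
      # Keyboard-interactive (PAM) login is controlled separately by
      # `settings.KbdInteractiveAuthentication`; consider setting it to false
      # as well if key-only login is the goal.
      settings.PasswordAuthentication = false;
    };

    # With the default empty list this module installs no key for the user
    # while password login is off; make sure keys are supplied here or
    # elsewhere before relying on remote access.
    users.users.${user}.openssh.authorizedKeys.keys = cfg.authKeys;

    home-manager.users.${user}.programs.ssh = {
      enable = true;
      matchBlocks = mapAttrs' mkMatchBlock cfg.keys;
    };
  };
}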