2023-10-13 21:04:24 +02:00
|
|
|
{
|
|
|
|
config,
|
|
|
|
lib,
|
|
|
|
pkgs,
|
|
|
|
...
|
2024-05-05 12:38:40 +02:00
|
|
|
}: let
|
2024-07-15 23:18:25 +02:00
|
|
|
cfg = config.poz.services.ssh;
|
2024-05-05 12:38:40 +02:00
|
|
|
|
2024-07-24 18:47:53 +02:00
|
|
|
inherit (lib.meta) getExe';
|
2024-07-25 11:45:44 +02:00
|
|
|
inherit (lib.modules) mkIf mkMerge;
|
|
|
|
inherit (lib.options) mkEnableOption mkOption;
|
2024-08-25 22:33:45 +02:00
|
|
|
inherit (lib.types) attrsOf bool listOf nullOr number port str submodule;
|
2024-10-18 21:16:03 +02:00
|
|
|
inherit (lib.strings) concatStrings optionalString;
|
2024-05-05 12:38:40 +02:00
|
|
|
inherit (lib.attrsets) mapAttrsToList;
|
2024-07-05 00:41:59 +02:00
|
|
|
|
|
|
|
ksshaskpass = getExe' pkgs.libsForQt5.ksshaskpass "ksshaskpass";
|
|
|
|
ssh-agent = getExe' pkgs.openssh "ssh-agent";
|
2023-10-13 21:04:24 +02:00
|
|
|
in {
|
2024-07-15 23:18:25 +02:00
|
|
|
options.poz.services.ssh = {
|
2023-10-13 21:04:24 +02:00
|
|
|
daemon = mkOption {
|
|
|
|
description = "sshd options";
|
2024-05-05 12:38:40 +02:00
|
|
|
type = submodule {
|
2023-10-13 21:04:24 +02:00
|
|
|
options = {
|
2024-04-05 22:59:32 +02:00
|
|
|
enable = mkEnableOption "sshd";
|
2023-10-13 21:04:24 +02:00
|
|
|
passwordAuth = mkOption {
|
|
|
|
description = "allow password auth";
|
|
|
|
default = false;
|
|
|
|
type = bool;
|
|
|
|
};
|
|
|
|
allowRoot = mkOption {
|
|
|
|
description = "allow root login";
|
|
|
|
default = false;
|
|
|
|
type = bool;
|
|
|
|
};
|
2024-08-25 22:33:45 +02:00
|
|
|
ports = mkOption {
|
|
|
|
description = "ssh ports";
|
|
|
|
type = listOf port;
|
|
|
|
};
|
2023-10-13 21:04:24 +02:00
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
agent = mkOption {
|
|
|
|
description = "ssh agent options";
|
2024-05-05 12:38:40 +02:00
|
|
|
type = submodule {
|
2023-10-13 21:04:24 +02:00
|
|
|
options = {
|
2024-04-05 22:59:32 +02:00
|
|
|
enable = mkEnableOption "ssh-agent";
|
2023-10-13 21:04:24 +02:00
|
|
|
hostAliases = mkOption {
|
|
|
|
description = "host aliases";
|
2024-05-05 12:38:40 +02:00
|
|
|
type = attrsOf (submodule {
|
2023-10-13 21:04:24 +02:00
|
|
|
options = {
|
|
|
|
hostName = mkOption {
|
|
|
|
description = "hostname to ssh into";
|
2024-05-05 12:38:40 +02:00
|
|
|
type = str;
|
2023-10-13 21:04:24 +02:00
|
|
|
};
|
2024-02-05 22:24:04 +01:00
|
|
|
port = mkOption {
|
|
|
|
description = "port to ssh into";
|
2024-05-05 12:38:40 +02:00
|
|
|
type = nullOr number;
|
2024-02-05 22:24:04 +01:00
|
|
|
default = null;
|
|
|
|
};
|
2023-10-13 21:04:24 +02:00
|
|
|
user = mkOption {
|
|
|
|
description = "ssh user";
|
2024-05-05 12:38:40 +02:00
|
|
|
type = str;
|
2023-10-13 21:04:24 +02:00
|
|
|
default = "git";
|
|
|
|
};
|
2024-03-06 12:11:58 +01:00
|
|
|
publicKey = mkOption {
|
|
|
|
description = "public key used for picking the correct key from the ssh-agent";
|
2024-05-05 12:38:40 +02:00
|
|
|
type = nullOr str;
|
2024-03-05 17:36:26 +01:00
|
|
|
default = null;
|
2023-10-13 21:04:24 +02:00
|
|
|
};
|
|
|
|
};
|
|
|
|
});
|
2024-03-06 12:03:08 +01:00
|
|
|
default = {};
|
2023-10-13 21:04:24 +02:00
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
config = mkMerge [
|
|
|
|
(mkIf cfg.daemon.enable {
|
|
|
|
services.openssh = {
|
|
|
|
enable = true;
|
2024-08-25 22:33:45 +02:00
|
|
|
inherit (cfg.daemon) ports;
|
2023-10-13 21:04:24 +02:00
|
|
|
settings = {
|
|
|
|
PasswordAuthentication = false;
|
|
|
|
PermitRootLogin = "no";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
})
|
|
|
|
(mkIf cfg.agent.enable {
|
2024-03-03 02:25:43 +01:00
|
|
|
programs.ssh = {
|
|
|
|
enableAskPassword = true;
|
2024-07-05 00:41:59 +02:00
|
|
|
askPassword = ksshaskpass;
|
2024-03-03 02:25:43 +01:00
|
|
|
extraConfig = ''
|
|
|
|
AddKeysToAgent yes
|
2023-10-13 21:04:24 +02:00
|
|
|
|
2024-03-03 02:25:43 +01:00
|
|
|
${concatStrings (mapAttrsToList (name: value: ''
|
|
|
|
Host ${name}
|
|
|
|
HostName ${value.hostName}
|
|
|
|
User ${value.user}
|
2024-10-18 21:16:03 +02:00
|
|
|
${optionalString (value.port != null)
|
|
|
|
"Port ${toString value.port}"}
|
|
|
|
${optionalString (value.publicKey != null)
|
|
|
|
"IdentityFile ${pkgs.writeText "${name}.pub" value.publicKey}"}
|
2024-03-03 02:25:43 +01:00
|
|
|
'') cfg.agent.hostAliases)}
|
|
|
|
'';
|
|
|
|
};
|
2023-10-13 21:04:24 +02:00
|
|
|
|
|
|
|
systemd.user.services.ssh-agent = {
|
|
|
|
enable = true;
|
|
|
|
description = "SSH key agent";
|
|
|
|
serviceConfig = {
|
|
|
|
Type = "simple";
|
2024-07-05 00:41:59 +02:00
|
|
|
ExecStart = "${ssh-agent} -D -a $SSH_AUTH_SOCK";
|
2023-10-13 21:04:24 +02:00
|
|
|
};
|
|
|
|
environment = {
|
|
|
|
SSH_AUTH_SOCK = "%t/ssh-agent.socket";
|
|
|
|
DISPLAY = ":0";
|
|
|
|
};
|
|
|
|
wantedBy = [ "default.target" ];
|
|
|
|
};
|
|
|
|
|
2023-10-13 23:18:35 +02:00
|
|
|
environment.sessionVariables = {
|
|
|
|
SSH_AUTH_SOCK = "\$XDG_RUNTIME_DIR/ssh-agent.socket";
|
|
|
|
};
|
2023-10-13 21:04:24 +02:00
|
|
|
})
|
|
|
|
];
|
|
|
|
}
|