nil/modules/system/ssh.nix

{ config, lib, pkgs, user, ... }:
#with lib.my;
with lib;
let
  this = config.my.system.ssh;
  publicKey = pkgs.fetchurl {
    url = "https://github.com/jamesepatrick.keys";
    sha256 = "sha256-alm6KRFca4VjzTyVEg+j1s0uKaSfvV76o3sgYNAisSA=";
  };
in
{
  options.my = {
    system.ssh.enable = mkOption {
      default = true;
      type = with types; bool;
    };
  };

  config = mkIf this.enable {
    # Openssh settings for security
    services.openssh = {
      enable = true;
      permitRootLogin = "no";
      passwordAuthentication = false;
    };

    users.users."${user.name}".openssh.authorizedKeys.keyFiles = [ publicKey ];
  };
}
Switching from hardcoded username. Will this ever change? No like likely, but I do think that this is the correct way to do this. 2022-08-14 23:35:15 +00:00			`{ config, lib, pkgs, user, ... }:`
Split out ssh configuration 2022-08-14 03:10:13 +00:00			`#with lib.my;`
			`with lib;`
			`let`
			`this = config.my.system.ssh;`
			`publicKey = pkgs.fetchurl {`
			`url = "https://github.com/jamesepatrick.keys";`
			`sha256 = "sha256-alm6KRFca4VjzTyVEg+j1s0uKaSfvV76o3sgYNAisSA=";`
			`};`
Switching from hardcoded username. Will this ever change? No like likely, but I do think that this is the correct way to do this. 2022-08-14 23:35:15 +00:00			`in`
			`{`
Split out ssh configuration 2022-08-14 03:10:13 +00:00			`options.my = {`
			`system.ssh.enable = mkOption {`
			`default = true;`
			`type = with types; bool;`
			`};`
			`};`

			`config = mkIf this.enable {`
			`# Openssh settings for security`
			`services.openssh = {`
			`enable = true;`
			`permitRootLogin = "no";`
			`passwordAuthentication = false;`
			`};`

Switching from hardcoded username. Will this ever change? No like likely, but I do think that this is the correct way to do this. 2022-08-14 23:35:15 +00:00			`users.users."${user.name}".openssh.authorizedKeys.keyFiles = [ publicKey ];`
Split out ssh configuration 2022-08-14 03:10:13 +00:00			`};`
			`}`