Split out ssh configuration

2022-08-13 23:10:13 -04:00 · 2022-08-13 23:10:13 -04:00 · 7d86731622
commit 7d86731622
parent f4dfcb7358
2 changed files with 28 additions and 11 deletions
--- a/modules/system/ssh.nix
+++ b/modules/system/ssh.nix
@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+#with lib.my;
+with lib;
+let
+  this = config.my.system.ssh;
+  publicKey = pkgs.fetchurl {
+    url = "https://github.com/jamesepatrick.keys";
+    sha256 = "sha256-alm6KRFca4VjzTyVEg+j1s0uKaSfvV76o3sgYNAisSA=";
+  };
+in {
+  options.my = {
+    system.ssh.enable = mkOption {
+      default = true;
+      type = with types; bool;
+    };
+  };
+
+  config = mkIf this.enable {
+    # Openssh settings for security
+    services.openssh = {
+      enable = true;
+      permitRootLogin = "no";
+      passwordAuthentication = false;
+    };
+
+    users.users.james.openssh.authorizedKeys.keyFiles = [ publicKey ];
+  };
+}
--- a/profiles/minimal.nix
+++ b/profiles/minimal.nix
@ -1,10 +1,6 @@
 { inputs, config, pkgs, ... }:

 let
-  publicKey = pkgs.fetchurl {
-    url = "https://github.com/jamesepatrick.keys";
-    sha256 = "sha256-alm6KRFca4VjzTyVEg+j1s0uKaSfvV76o3sgYNAisSA=";
-  };
 in {

  imports = [
@ -45,7 +41,6 @@ in {
      extraGroups = [ "wheel" "systemd-journal" ];
      initialPassword = "nixos";
      isNormalUser = true;
-      openssh.authorizedKeys.keyFiles = [ publicKey ];
      shell = pkgs.zsh;
    };
  };
@ -70,10 +65,4 @@ in {
    enableSSHSupport = true;
  };

-  # Openssh settings for security
-  services.openssh = {
-    enable = true;
-    permitRootLogin = "no";
-    passwordAuthentication = false;
-  };
 }