30 lines
645 B
Nix
30 lines
645 B
Nix
{ config, lib, pkgs, user, ... }:
|
|
#with lib.my;
|
|
with lib;
|
|
let
|
|
this = config.my.system.ssh;
|
|
publicKey = pkgs.fetchurl {
|
|
url = "https://github.com/jamesepatrick.keys";
|
|
sha256 = "sha256-alm6KRFca4VjzTyVEg+j1s0uKaSfvV76o3sgYNAisSA=";
|
|
};
|
|
in
|
|
{
|
|
options.my = {
|
|
system.ssh.enable = mkOption {
|
|
default = true;
|
|
type = with types; bool;
|
|
};
|
|
};
|
|
|
|
config = mkIf this.enable {
|
|
# Openssh settings for security
|
|
services.openssh = {
|
|
enable = true;
|
|
permitRootLogin = "no";
|
|
passwordAuthentication = false;
|
|
};
|
|
|
|
users.users."${user.name}".openssh.authorizedKeys.keyFiles = [ publicKey ];
|
|
};
|
|
}
|