refactor: restructure config files

2026-04-27 15:59:20 +02:00
parent bac6e4997b
commit 0b2ecd31b0
58 changed files with 6 additions and 2 deletions
@@ -0,0 +1,34 @@
+{ config, lib, ... }:
+let
+  account = config.repo.account;
+  personalPublicKeys =
+    machines:
+    map (machine: machine.sshKeys.personal.publicKey) (
+      lib.filter (machine: machine.sshKeys ? personal) (builtins.attrValues machines)
+    );
+in
+{
+  flake.modules.nixos.ssh-agent-auth = {
+    security.pam = {
+      rssh.enable = true;
+      services.sudo.rssh = true;
+    };
+  };
+
+  flake.modules.nixos.openssh =
+    { ... }:
+    {
+      services.openssh.openFirewall = true;
+
+      services.openssh = {
+        enable = true;
+        settings = {
+          PermitRootLogin = "no";
+          PasswordAuthentication = false;
+          AllowUsers = [ account.name ];
+        };
+      };
+
+      users.users.${account.name}.openssh.authorizedKeys.keys = personalPublicKeys config.repo.machines;
+    };
+}