35 lines
826 B
Nix
35 lines
826 B
Nix
{ config, lib, ... }:
|
|
let
|
|
account = config.repo.account;
|
|
personalPublicKeys =
|
|
machines:
|
|
map (machine: (machine.sshKeys or { }).personal.publicKey) (
|
|
lib.filter (machine: (machine.sshKeys or { }) ? personal) (builtins.attrValues machines)
|
|
);
|
|
in
|
|
{
|
|
flake.modules.nixos.sudo-ssh-agent-auth = {
|
|
security.pam = {
|
|
rssh.enable = true;
|
|
services.sudo.rssh = true;
|
|
};
|
|
};
|
|
|
|
flake.modules.nixos.openssh =
|
|
{ ... }:
|
|
{
|
|
services.openssh.openFirewall = true;
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PermitRootLogin = "no";
|
|
PasswordAuthentication = false;
|
|
AllowUsers = [ account.name ];
|
|
};
|
|
};
|
|
|
|
users.users.${account.name}.openssh.authorizedKeys.keys = personalPublicKeys config.repo.machines;
|
|
};
|
|
}
|