32 lines
No EOL
753 B
Nix
32 lines
No EOL
753 B
Nix
{ ... }:
|
|
let
|
|
lib = import <nixpkgs/lib>;
|
|
opensshConfig = import ../config/openssh.nix;
|
|
|
|
userExtraConfig =
|
|
if opensshConfig ? extraConfig && opensshConfig.extraConfig ? users && builtins.isAttrs opensshConfig.extraConfig.users then
|
|
opensshConfig.extraConfig.users
|
|
else
|
|
{};
|
|
|
|
renderedUserMatches = lib.concatStringsSep "\n" (
|
|
lib.mapAttrsToList (user: cfg: ''
|
|
Match User ${user}
|
|
${cfg}
|
|
'') userExtraConfig
|
|
);
|
|
in
|
|
{
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PasswordAuthentication = true;
|
|
PermitRootLogin = "no";
|
|
GatewayPorts = "no";
|
|
AllowUsers = opensshConfig.ssh_users;
|
|
};
|
|
extraConfig = renderedUserMatches;
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ 22 ];
|
|
} |