Add default ssh config

This commit is contained in:
Tim Van Baak 2023-08-02 15:18:26 +00:00
parent ec88265631
commit d87f127954
2 changed files with 37 additions and 15 deletions

View File

@ -17,21 +17,7 @@
# Enable networking
networking.networkmanager.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.tvb = {
isNormalUser = true;
group = "tvb";
extraGroups = [ "networkmanager" "wheel" ];
openssh.authorizedKeys.keyFiles = [
../../keys/tvb.palamas.pub
../../keys/tvb.stagirite.pub
../../keys/tvb.catacomb.pub
../../keys/tvb.unfolder.pub
];
};
users.groups.tvb = {};
services.openssh.enable = true;
users.users.tvb.extraGroups = [ "networkmanager" ];
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];

View File

@ -3,6 +3,11 @@
let
inherit (lib) mkDefault mkIf mkMerge mkOption mkOverride types;
cfg = config.beatific;
mkFlag = description: mkOption {
type = types.bool;
inherit description;
default = true;
};
in {
options = {
beatific = {
@ -36,6 +41,14 @@ in {
description = "Default installed programs";
default = true;
};
ssh = mkFlag "Enable openssh";
tvb = mkOption {
type = types.bool;
description = "Default tvb account";
default = true;
};
};
};
};
@ -82,5 +95,28 @@ in {
# The nixpkgs default is "nano", so we go one priority higher
environment.variables.EDITOR = mkOverride 999 "vim";
})
(mkIf cfg.defaults.ssh {
services.openssh.enable = true;
networking.firewall.allowedTCPPorts = [ 22 ];
})
(mkIf cfg.defaults.tvb {
users.groups.tvb = {};
users.users.tvb = {
isNormalUser = true;
group = "tvb";
extraGroups = [ "wheel" ];
initialPassword = "password";
openssh.authorizedKeys.keyFiles = [
../keys/tvb.catacomb.pub
../keys/tvb.empyrean.pub
../keys/tvb.palamas.pub
../keys/tvb.stagirite.pub
../keys/tvb.unfolder.pub
../keys/tvb.vagrant.pub
];
};
})
];
}