From d87f1279546e00c00bf2ea57c34404a5ef7ce933 Mon Sep 17 00:00:00 2001
From: Tim Van Baak
Date: Wed, 2 Aug 2023 15:18:26 +0000
Subject: [PATCH] Add default ssh config
---
 machine/backyard/default.nix | 16 +---------------
 modules/beatific.nix | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 15 deletions(-)
diff --git a/machine/backyard/default.nix b/machine/backyard/default.nix
index a3df489..1413ee9 100644
--- a/machine/backyard/default.nix
+++ b/machine/backyard/default.nix
@@ -17,21 +17,7 @@
 # Enable networking
 networking.networkmanager.enable = true;
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.tvb = {
- isNormalUser = true;
- group = "tvb";
- extraGroups = [ "networkmanager" "wheel" ];
- openssh.authorizedKeys.keyFiles = [
- ../../keys/tvb.palamas.pub
- ../../keys/tvb.stagirite.pub
- ../../keys/tvb.catacomb.pub
- ../../keys/tvb.unfolder.pub
- ];
- };
- users.groups.tvb = {};
-
- services.openssh.enable = true;
+ users.users.tvb.extraGroups = [ "networkmanager" ];
 # Open ports in the firewall.
 # networking.firewall.allowedTCPPorts = [ ... ];
diff --git a/modules/beatific.nix b/modules/beatific.nix
index 70a6d8f..044f232 100644
--- a/modules/beatific.nix
+++ b/modules/beatific.nix
@@ -3,6 +3,11 @@
 let
 inherit (lib) mkDefault mkIf mkMerge mkOption mkOverride types;
 cfg = config.beatific;
+ mkFlag = description: mkOption {
+ type = types.bool;
+ inherit description;
+ default = true;
+ };
 in {
 options = {
 beatific = {
@@ -36,6 +41,14 @@ in {
 description = "Default installed programs";
 default = true;
 };
+
+ ssh = mkFlag "Enable openssh";
+
+ tvb = mkOption {
+ type = types.bool;
+ description = "Default tvb account";
+ default = true;
+ };
 };
 };
 };
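Review bot: The added `users.users.tvb.extraGroups = [ "networkmanager" ];` in machine/backyard/default.nix is unconditional, while the account it extends is now defined only under `mkIf cfg.defaults.tvb` in modules/beatific.nix. If a machine sets `beatific.defaults.tvb = false`, this line still declares a `tvb` user with neither `isNormalUser` nor `isSystemUser`, which I would expect NixOS to reject at evaluation. Guarding the whole attribute, for example `users.users.tvb = lib.mkIf config.beatific.defaults.tvb { extraGroups = [ "networkmanager" ]; };` (assuming `lib` and `config` are in scope in this file), keeps the machine configuration valid either way.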
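Review bot: `tvb` is written out as a full `mkOption` in the second modules/beatific.nix hunk even though the first hunk adds `mkFlag` for exactly this shape and `ssh` already uses it; `tvb = mkFlag "Default tvb account";` would be equivalent. Both flags default to `true`, so every machine importing the module gets the behaviour unless it opts out, and the descriptions should say what that behaviour is. "Enable openssh" also opens TCP 22 in the firewall, and "Default tvb account" creates a `wheel` user with an initial password and a set of authorized SSH keys (both visible in the last hunk). The `options` attribute set continues outside these hunks.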
@@ -82,5 +95,28 @@ in {
 # The nixpkgs default is "nano", so we go one priority higher
 environment.variables.EDITOR = mkOverride 999 "vim";
 })
+
+ (mkIf cfg.defaults.ssh {
+ services.openssh.enable = true;
+ networking.firewall.allowedTCPPorts = [ 22 ];
+ })
+
+ (mkIf cfg.defaults.tvb {
+ users.groups.tvb = {};
+ users.users.tvb = {
+ isNormalUser = true;
+ group = "tvb";
+ extraGroups = [ "wheel" ];
+ initialPassword = "password";
+ openssh.authorizedKeys.keyFiles = [
+ ../keys/tvb.catacomb.pub
+ ../keys/tvb.empyrean.pub
+ ../keys/tvb.palamas.pub
+ ../keys/tvb.stagirite.pub
+ ../keys/tvb.unfolder.pub
+ ../keys/tvb.vagrant.pub
+ ];
+ };
+ })
 ];
 }
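Review bot: `initialPassword = "password";` gives a `wheel` account a publicly known password on every machine where the `ssh` default also enables sshd and opens TCP 22, and nothing in this hunk turns off password logins (on current NixOS `services.openssh.settings.PasswordAuthentication` stays on unless set otherwise). The value is also stored in clear text in the world-readable Nix store. I would drop the line, or replace it with a hash via `hashedPassword`, and add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` to the ssh block so the listed keys are the only way in. Separately, the key list grows from the four removed in machine/backyard/default.nix to six, so `tvb.empyrean.pub` and `tvb.vagrant.pub` become trusted on every host using the default; it is worth confirming both are private, per-machine keys. The enclosing list (presumably the `mkMerge` one) starts outside the hunk.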