
Add default ssh config

Tim Van Baak 2023-08-02 15:18:26 +00:00
parent ec88265631
commit d87f127954
2 changed files with 37 additions and 15 deletions


@ -17,21 +17,7 @@
# Enable networking # Enable networking
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
# Define a user account. Don't forget to set a password with passwd. users.users.tvb.extraGroups = [ "networkmanager" ];
users.users.tvb = {
isNormalUser = true;
group = "tvb";
extraGroups = [ "networkmanager" "wheel" ];
openssh.authorizedKeys.keyFiles = [
../../keys/tvb.palamas.pub
../../keys/tvb.stagirite.pub
../../keys/tvb.catacomb.pub
../../keys/tvb.unfolder.pub
];
};
users.groups.tvb = {};
services.openssh.enable = true;
# Open ports in the firewall. # Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedTCPPorts = [ ... ];
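Review bot: The added `users.users.tvb.extraGroups = [ "networkmanager" ];` only extends a user that this commit now declares in the shared module behind `cfg.defaults.tvb`, so this host silently depends on that flag staying enabled. If a host ever sets `beatific.defaults.tvb = false`, this line alone would leave `tvb` without `isNormalUser` or `group`, and evaluation would presumably fail on the NixOS users assertion. A comment such as `# tvb itself is declared by beatific.defaults.tvb` above the line, or guarding it with `lib.mkIf config.beatific.defaults.tvb`, would make the coupling explicit.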


@ -3,6 +3,11 @@
let let
inherit (lib) mkDefault mkIf mkMerge mkOption mkOverride types; inherit (lib) mkDefault mkIf mkMerge mkOption mkOverride types;
cfg = config.beatific; cfg = config.beatific;
mkFlag = description: mkOption {
type = types.bool;
inherit description;
default = true;
};
in { in {
options = { options = {
beatific = { beatific = {
@ -36,6 +41,14 @@ in {
description = "Default installed programs"; description = "Default installed programs";
default = true; default = true;
}; };
ssh = mkFlag "Enable openssh";
tvb = mkOption {
type = types.bool;
description = "Default tvb account";
default = true;
};
}; };
}; };
}; };
@ -82,5 +95,28 @@ in {
# The nixpkgs default is "nano", so we go one priority higher # The nixpkgs default is "nano", so we go one priority higher
environment.variables.EDITOR = mkOverride 999 "vim"; environment.variables.EDITOR = mkOverride 999 "vim";
}) })
(mkIf cfg.defaults.ssh {
services.openssh.enable = true;
networking.firewall.allowedTCPPorts = [ 22 ];
})
(mkIf cfg.defaults.tvb {
users.groups.tvb = {};
users.users.tvb = {
isNormalUser = true;
group = "tvb";
extraGroups = [ "wheel" ];
initialPassword = "password";
openssh.authorizedKeys.keyFiles = [
../keys/tvb.catacomb.pub
../keys/tvb.empyrean.pub
../keys/tvb.palamas.pub
../keys/tvb.stagirite.pub
../keys/tvb.unfolder.pub
../keys/tvb.vagrant.pub
];
};
})
]; ];
} }
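Review bot: The `initialPassword = "password";` line in the `cfg.defaults.tvb` block gives a `wheel` member a publicly known password, while the `cfg.defaults.ssh` block in the same commit turns on sshd and opens port 22, with both flags defaulting to true. Unless password authentication is disabled somewhere outside this hunk, every host importing the module accepts that password over SSH until someone runs `passwd`, and the value is also stored in plain text in the world-readable Nix store. Since `openssh.authorizedKeys.keyFiles` already provides key-based access, I would drop `initialPassword` and add `services.openssh.settings.PasswordAuthentication = false;` (plus `settings.KbdInteractiveAuthentication = false;`) to the ssh block on NixOS releases that have `services.openssh.settings`. If a console password is still needed, a per-host hashed password avoids shipping a shared secret in the repository.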