lib/ssh: add more ssh keys

2026-05-03 00:11:27 +02:00
committed by ErrorNoInternet
parent d4d560c30f
commit cc52b0e6cb
3 changed files with 39 additions and 21 deletions
+1 -5
@@ -1,17 +1,13 @@
{ self, ... }:
{
services.openssh = {
enable = true;
settings = {
ClientAliveInterval = 300;
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
PermitRootLogin = "no";
};
};
users.users.root.openssh.authorizedKeys.keys = builtins.attrValues {
inherit (import "${self}/lib/ssh/keys.nix") error javalsai;
};
}
+33 -15
@@ -16,6 +16,9 @@ let
{
name = "vectorum";
}
{
name = "pickzelle";
}
];
adminGroups = [
@@ -27,21 +30,30 @@ let
"wheel"
];
mkUser = name: uid: options: {
users.users.${name} = {
isNormalUser = true;
extraGroups = lib.optionals (options.admin or false) adminGroups;
inherit uid;
getSSHKeys =
username:
let
sshKeys = import "${self}/lib/ssh/keys.nix";
in
if (builtins.hasAttr username sshKeys) then
lib.lists.toList sshKeys.${username}
else
lib.warn "user ${username} declared without ssh key" [ ];
openssh.authorizedKeys.keys =
let
keys = import "${self}/lib/ssh/keys.nix";
in
if (builtins.hasAttr name keys) then
[ keys.${name} ]
else
lib.warn "user ${name} declared without ssh key" [ ];
};
mkUser =
name: uid: options:
let
admin = options.admin or false;
in
{
users.users.${name} = {
isNormalUser = true;
extraGroups = lib.optionals admin adminGroups;
inherit uid;
openssh.authorizedKeys.keys = getSSHKeys name;
};
systemd.slices."user-${builtins.toString uid}".sliceConfig = {
CPUQuota = "50%";
@@ -67,5 +79,11 @@ lib.recursiveUpdate
users
).options
{
users.users.root.initialPassword = "tuxcord";
users.users.root = {
initialPassword = "tuxcord";
openssh.authorizedKeys.keys = lib.lists.concatLists (
map (user: getSSHKeys user.name) (builtins.filter (user: user.options.admin or false) users)
);
};
}
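Review bot: The new `users.users.root.openssh.authorizedKeys.keys` in the last hunk installs every key of every user with `admin = true` as a root key, so the `admin` flag now means both `wheel` membership and direct root key access, and logins made with those keys would all appear as root rather than as a named admin. The sshd module shown earlier on this page carries `PermitRootLogin = "no"`; if that line is on the new side, these keys are unused over SSH today and would become live as soon as that setting is relaxed, so the intent deserves a comment such as `# root keys are inert while PermitRootLogin = "no"; kept for <reason>`. If direct root login is not wanted, dropping the attribute and relying on `wheel` is simpler; if it is wanted, consider a separate opt-in, e.g. `builtins.filter (user: user.options.rootSSH or false) users` (the option name is only a suggestion). The same attrset also keeps `initialPassword = "tuxcord"` in plaintext in the repository and the Nix store; `hashedPasswordFile` or a locked root account would avoid that.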