nixos-config/nixos/modules/services/sshd.nix

{ pkgs, config, lib, ... }:

with lib;

let

  cfg = config.services.custom.ssh;

in
{

  options.services.custom.ssh = {
    tools.enable = mkEnableOption "Add ssh tools";
    sshd = {
      enable = mkEnableOption "Start sshd server";
      rootKeyFiles = mkOption {
        type = with types; listOf path;
        description = "keys to root login";
        default = [ ];
      };
    };
  };

  config = mkMerge [

    (mkIf cfg.tools.enable {
      environment.systemPackages = with pkgs;
        [
          # sshuttle
          sshfs
        ];
    })

    (mkIf cfg.sshd.enable {

      services.openssh = {
        enable = true;
        forwardX11 = true;
        passwordAuthentication = false;
      };

      users.users.root.openssh.authorizedKeys.keyFiles = cfg.sshd.rootKeyFiles;

      services.openssh.extraConfig = ''
        Banner /etc/sshd/banner-line
      '';

      environment.etc."sshd/banner-line".text =
        let
          text = config.networking.hostName;
          size = 80 - (lib.stringLength text);
          space = lib.fixedWidthString size " " "";
        in
        ''
          ────────────────────────────────────────────────────────────────────────────────
          ${space}${text}
        '';

    })

  ];

}
init 2019-10-24 02:20:38 +02:00			`{ pkgs, config, lib, ... }:`

			`with lib;`

			`let`

			`cfg = config.services.custom.ssh;`

workhorse done and nixpkgs-fmt 2021-11-01 09:20:42 +01:00			`in`
			`{`
init 2019-10-24 02:20:38 +02:00
			`options.services.custom.ssh = {`
			`tools.enable = mkEnableOption "Add ssh tools";`
			`sshd = {`
			`enable = mkEnableOption "Start sshd server";`
			`rootKeyFiles = mkOption {`
nixfmt: reformat all files 2019-12-20 05:54:26 +01:00			`type = with types; listOf path;`
init 2019-10-24 02:20:38 +02:00			`description = "keys to root login";`
nixfmt: reformat all files 2019-12-20 05:54:26 +01:00			`default = [ ];`
init 2019-10-24 02:20:38 +02:00			`};`
			`};`
			`};`

			`config = mkMerge [`

nixfmt: reformat all files 2019-12-20 05:54:26 +01:00			`(mkIf cfg.tools.enable {`
			`environment.systemPackages = with pkgs;`
			`[`
			`# sshuttle`
			`sshfs`
			`];`
			`})`
init 2019-10-24 02:20:38 +02:00
nixfmt: reformat all files 2019-12-20 05:54:26 +01:00			`(mkIf cfg.sshd.enable {`
init 2019-10-24 02:20:38 +02:00
nixfmt: reformat all files 2019-12-20 05:54:26 +01:00			`services.openssh = {`
			`enable = true;`
			`forwardX11 = true;`
			`passwordAuthentication = false;`
			`};`
init 2019-10-24 02:20:38 +02:00
nixfmt: reformat all files 2019-12-20 05:54:26 +01:00			`users.users.root.openssh.authorizedKeys.keyFiles = cfg.sshd.rootKeyFiles;`
init 2019-10-24 02:20:38 +02:00
nixfmt: reformat all files 2019-12-20 05:54:26 +01:00			`services.openssh.extraConfig = ''`
			`Banner /etc/sshd/banner-line`
			`'';`
init 2019-10-24 02:20:38 +02:00
workhorse done and nixpkgs-fmt 2021-11-01 09:20:42 +01:00			`environment.etc."sshd/banner-line".text =`
			`let`
			`text = config.networking.hostName;`
			`size = 80 - (lib.stringLength text);`
			`space = lib.fixedWidthString size " " "";`
			`in`
			`''`
			`────────────────────────────────────────────────────────────────────────────────`
			`${space}${text}`
			`'';`
init 2019-10-24 02:20:38 +02:00
nixfmt: reformat all files 2019-12-20 05:54:26 +01:00			`})`
init 2019-10-24 02:20:38 +02:00
			`];`

			`}`