Rename modules directory system to nixos

2026-03-22 20:09:07 +01:00 · 2026-02-26 21:11:45 +01:00 · 2026-02-26 21:11:45 +01:00 · 1c1b9221fc
commit 1c1b9221fc
parent 653a6f310b
48 changed files with 1 additions and 1 deletions
--- a/modules/nixos/services/sshd.nix
+++ b/modules/nixos/services/sshd.nix
@ -0,0 +1,52 @@
+{
+  config,
+  lib,
+  allHosts,
+  ...
+}:
+let
+  cfg = config.custom.services.sshd;
+  netCfg = config.custom.networking;
+in
+{
+  options.custom.services.sshd.enable = lib.mkEnableOption "";
+
+  config = lib.mkIf cfg.enable {
+    services = {
+      openssh = {
+        enable = true;
+        openFirewall = false;
+        ports = lib.mkForce [ ];
+        listenAddresses = lib.singleton {
+          addr = netCfg.overlay.address;
+          port = 22;
+        };
+        settings = {
+          PasswordAuthentication = false;
+          KbdInteractiveAuthentication = false;
+          PermitRootLogin = "no";
+        };
+      };
+
+      nebula.networks.mesh.firewall.inbound = lib.singleton {
+        port = 22;
+        proto = "tcp";
+        group = "client";
+      };
+    };
+
+    systemd.services.sshd = {
+      requires = [ netCfg.overlay.systemdUnit ];
+      after = [ netCfg.overlay.systemdUnit ];
+    };
+
+    users.users.seb.openssh.authorizedKeys.keyFiles =
+      allHosts
+      |> lib.attrValues
+      |> lib.filter (host: host.config.networking.hostName != netCfg.hostName)
+      |> lib.filter (host: host.config |> lib.hasAttr "home-manager")
+      |> lib.map (host: host.config.home-manager.users.seb.custom.programs.ssh)
+      |> lib.filter (ssh: ssh.enable)
+      |> lib.map (ssh: ssh.publicKeyFile);
+  };
+}