{ config, lib, sane-data, sane-lib, ... }:
let
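# builtins used by the pubkey assembly below (head/tail split a reversed
# path, map/attrValues walk the per-host configs). The previously inherited
# `mapAttrs` was not referenced anywhere in this file and is dropped.
inherit (builtins) attrValues head map tail;
# nixpkgs lib helpers: concatStringsSep joins host labels, mkMerge combines
# the one-key attrsets, reverseList flips a DNS-style path into user-first order
inherit (lib) concatStringsSep mkMerge reverseList;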
in
{
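sane.ssh.pubkeys =
  let
    # path is a DNS-style path like [ "org" "uninsane" "root" ].
    # The last element is the user and the remaining elements, reversed,
    # form the host, so the example above yields "root@uninsane.org".
    # An empty path makes `head` throw; callers only pass flattened key paths.
    keyNameForPath = path:
      let
        rev = reverseList path;
        name = head rev;
        host = concatStringsSep "." (tail rev);
      in
        "${name}@${host}";

    # [{ path :: [String], value :: String }] for the keys we want to install
    globalKeys = sane-lib.flattenAttrs sane-data.keys;

    # For one host config, build { <name> = { colin = <user key>; root = <host key>; }; }
    # for every name the host is known by.
    # NOTE(review): the `root` slot carries hostCfg.ssh.host_pubkey, i.e. the
    # machine's own key, not a root login key -- confirm how sane.ssh.pubkeys
    # consumes it (known_hosts-style pinning vs. authorized keys).
    keysForHost = hostCfg: sane-lib.mapToAttrs
      (name: {
        inherit name;
        value = {
          colin = hostCfg.ssh.user_pubkey;
          root = hostCfg.ssh.host_pubkey;
        };
      })
      hostCfg.names;

    # Same shape as globalKeys, derived from every host declared in
    # config.sane.hosts.by-name. Uses the `attrValues` already inherited
    # from builtins at the top of the file instead of re-qualifying it.
    domainKeys = sane-lib.flattenAttrs (
      sane-lib.joinAttrsets (
        map keysForHost (attrValues config.sane.hosts.by-name)
      )
    );
  in mkMerge (map
    ({ path, value }: {
      # a null value (host without that key configured) leaves the
      # attribute unset instead of installing an empty key
      "${keyNameForPath path}" = lib.mkIf (value != null) value;
    })
    (globalKeys ++ domainKeys)
  );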
services.openssh = {
  enable = true;
  settings = {
    # root cannot authenticate over ssh at all, key or not
    PermitRootLogin = "no";
    # passwords are never accepted; only key-based authentication remains
    PasswordAuthentication = false;
  };
};
sane.ports.ports = {
  "22" = {
    protocol = [ "tcp" ];
    # exposed to the LAN only; no wider visibility is requested in this module
    visibleTo.lan = true;
    # mkDefault so a host-specific module can relabel the port
    description = lib.mkDefault "colin-ssh";
  };
};
}