Add more SSH settings

Inex Code 2021-11-15 16:35:04 +03:00
parent 05627a1dc9
commit 7193030b37
4 changed files with 42 additions and 14 deletions


@ -45,9 +45,13 @@ Example JSON config:
}, },
"timezone": "Europe/Moscow", "timezone": "Europe/Moscow",
"resticPassword": "PASS", "resticPassword": "PASS",
"rootSshKeys": [ "ssh": {
"ssh-ed25519 KEY user@host" "enable": true,
], "rootSshKeys": [
"ssh-ed25519 KEY user@host"
],
"passwordAuthentication": true
},
"username": "owner", "username": "owner",
"users": [ "users": [
{ {


@ -37,10 +37,10 @@
}; };
time.timeZone = config.services.userdata.timezone; time.timeZone = config.services.userdata.timezone;
i18n.defaultLocale = "en_GB.UTF-8"; i18n.defaultLocale = "en_GB.UTF-8";
users.users.root.openssh.authorizedKeys.keys = config.services.userdata.rootSshKeys; users.users.root.openssh.authorizedKeys.keys = config.services.userdata.ssh.rootKeys;
services.openssh = { services.openssh = {
enable = true; enable = config.services.userdata.ssh.enable;
passwordAuthentication = true; passwordAuthentication = config.services.userdata.ssh.passwordAuthentication;
permitRootLogin = "yes"; permitRootLogin = "yes";
openFirewall = false; openFirewall = false;
}; };
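Review bot: `permitRootLogin = "yes"` is left unchanged while `passwordAuthentication` now follows the user's setting, whose default in this commit is `true`, so root can still log in with a password unless the owner turns it off. Root's authorized keys are already provisioned from `ssh.rootKeys` just above the `services.openssh` block, so `permitRootLogin = "prohibit-password";` would keep key-based root access and rule out password guessing against root. If some recovery path needs root password login, a comment next to the setting saying so would help. The enclosing configuration block starts and ends outside the hunk.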


@ -103,10 +103,21 @@
"resticPassword": { "resticPassword": {
"type": "string" "type": "string"
}, },
"rootSshKeys": { "ssh": {
"type": "array", "type": "object",
"items": { "properties": {
"type": "string" "enable": {
"type": "boolean"
},
"rootKeys": {
"type": "array",
"items": {
"type": "string"
}
},
"passwordAuthentication": {
"type": "boolean"
}
} }
}, },
"users": { "users": {


@ -117,11 +117,24 @@ in
''; '';
type = types.nullOr types.string; type = types.nullOr types.string;
}; };
rootSshKeys = mkOption { ssh = {
description = '' enable = mkOption {
default = true;
type = types.nullOr types.bool;
};
rootKeys = mkOption {
description = ''
Root SSH Keys Root SSH Keys
''; '';
type = types.nullOr (types.listOf types.string); type = types.nullOr (types.listOf types.string);
};
passwordAuthentication = mkOption {
description = ''
Password authentication for SSH
'';
default = true;
type = types.nullOr types.bool;
};
}; };
timezone = mkOption { timezone = mkOption {
description = '' description = ''
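Review bot: `types.nullOr types.bool` on `enable` and `passwordAuthentication` lets `null` through to `services.openssh.enable` and `services.openssh.passwordAuthentication`, which presumably expect plain booleans, so `type = types.bool;` would fit both options better. `enable` also has no description; `description = "Enable the OpenSSH server";` would match the other options. The option is named `rootKeys` here and in the schema, but the example config changed in this commit still nests `rootSshKeys` under `ssh`. Because the schema's `ssh` object sets neither `required` nor `additionalProperties`, a config copied from the example would presumably validate and leave root without authorized keys. The enclosing options block starts and ends outside the hunk.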