ssh options into variables

John Lancaster
2026-03-29 15:29:30 -05:00
parent 93458a5e53
commit 0cf3f05df2
+17 -4
@@ -8,16 +8,29 @@ in
let let
cfg = config.ssh; cfg = config.ssh;
userCAPath = "ssh/ssh_user_ca.pub"; userCAPath = "ssh/ssh_user_ca.pub";
hostKeyFile = "ssh/ssh_host_ed25519_key";
in in
{ {
options.ssh = { options.ssh = {
configDir = lib.mkOption {
description = "String path to the host SSH config directory";
type = lib.types.str;
default = "/etc/ssh";
};
hostKey = lib.mkOption {
description = "String path to the host private key file";
type = lib.types.str;
default = "${cfg.configDir}/ssh_host_ed25519_key";
};
certificates = { certificates = {
enable = lib.mkEnableOption "Enable SSH host certificates"; enable = lib.mkEnableOption "Enable SSH host certificates";
userCA = lib.mkOption { userCA = lib.mkOption {
type = lib.types.path; type = lib.types.path;
default = ../../keys/ssh_user_ca.pub; default = ../../keys/ssh_user_ca.pub;
}; };
userCAPath = lib.mkOption {
type = lib.types.str;
default = "${cfg.configDir}/ssh_user_ca.pub";
};
}; };
}; };
@@ -29,11 +42,11 @@ in
{ {
PasswordAuthentication = false; PasswordAuthentication = false;
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
HostKey = "/etc/${hostKeyFile}"; HostKey = cfg.hostKey;
} }
(lib.mkIf cfg.certificates.enable { (lib.mkIf cfg.certificates.enable {
TrustedUserCAKeys = "/etc/${userCAPath}"; TrustedUserCAKeys = cfg.certificates.userCAPath;
HostCertificate = "/etc/${hostKeyFile}-cert.pub"; HostCertificate = "${cfg.hostKey}-cert.pub";
}) })
]; ];
}; };
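Review bot: `TrustedUserCAKeys` now follows `cfg.certificates.userCAPath`, but the first hunk keeps the `let` binding `userCAPath = "ssh/ssh_user_ca.pub"` while dropping `hostKeyFile`. Whatever still uses that binding, presumably the code outside these hunks that installs `cfg.certificates.userCA` under `/etc`, keeps writing to the fixed location. With a non-default `configDir` or `userCAPath`, sshd would then trust whatever file sits at the new path, which this module does not appear to manage; that file decides which CA may sign user logins, so it should be root-owned and installed from the same option. Consider deriving the install target from `cfg.certificates.userCAPath`, or asserting that the two agree, so the trusted path and the managed file cannot drift apart. Separately, the new `userCAPath` option has no `description`, and both new `default`s interpolate `cfg`, so each wants a `defaultText = lib.literalExpression "..."` for the generated option docs.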