ssh options into variables

John Lancaster
2026-03-29 15:29:30 -05:00
parent 93458a5e53
commit 0cf3f05df2
+17 -4
@@ -8,16 +8,29 @@ in
let
cfg = config.ssh;
userCAPath = "ssh/ssh_user_ca.pub";
hostKeyFile = "ssh/ssh_host_ed25519_key";
in
{
options.ssh = {
configDir = lib.mkOption {
description = "String path to the host SSH config directory";
type = lib.types.str;
default = "/etc/ssh";
};
hostKey = lib.mkOption {
description = "String path to the host private key file";
type = lib.types.str;
default = "${cfg.configDir}/ssh_host_ed25519_key";
};
certificates = {
enable = lib.mkEnableOption "Enable SSH host certificates";
userCA = lib.mkOption {
type = lib.types.path;
default = ../../keys/ssh_user_ca.pub;
};
userCAPath = lib.mkOption {
type = lib.types.str;
default = "${cfg.configDir}/ssh_user_ca.pub";
};
};
};
@@ -29,11 +42,11 @@ in
{
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
HostKey = "/etc/${hostKeyFile}";
HostKey = cfg.hostKey;
}
(lib.mkIf cfg.certificates.enable {
TrustedUserCAKeys = "/etc/${userCAPath}";
HostCertificate = "/etc/${hostKeyFile}-cert.pub";
TrustedUserCAKeys = cfg.certificates.userCAPath;
HostCertificate = "${cfg.hostKey}-cert.pub";
})
];
};
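Review bot: The new `configDir`, `hostKey` and `certificates.userCAPath` options change only the paths sshd reads, while the let-bindings `userCAPath = "ssh/ssh_user_ca.pub"` and `hostKeyFile` at the top of the first hunk appear to stay in place with their hard-coded values. If code outside the hunks still installs the CA key under `/etc` through those bindings (not visible here), overriding an option leaves `TrustedUserCAKeys` pointing at a file this module does not manage, and whoever can write that file decides which CA may sign user logins. Consider installing from the option value, or dropping the leftover bindings if they are now unused, and give the option a description such as `description = "Absolute path sshd reads TrustedUserCAKeys from; must be root-owned and not writable by other users";`. The `hostKey` description could also say that the option stays `lib.types.str` so the private key is never copied into the Nix store.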