dotfiles/nixos/modules/vps-remote-access.nix

36 lines
717 B
Nix
Raw Normal View History

# SPDX-FileCopyrightText: 2022 Richard Brežák <richard@brezak.sk>
#
# SPDX-License-Identifier: LGPL-3.0-or-later
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.magic_rb.vpsRemoteAccess;
in {
options.magic_rb = {
vpsRemoteAccess = {
enable = mkEnableOption "Enable VPS remote access module.";
trustedWheel = mkEnableOption "Add the wheel group to Nix trusted-users.";
};
};
config =
mkIf cfg.enable
{
nix.settings.trusted-users =
mkIf cfg.trustedWheel
["@wheel"];
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
};
};
};
}