[ssh] Move to actual module

2023-10-18 18:54:27 +02:00 · 2023-10-18 18:54:27 +02:00 · 37b3968722
commit 37b3968722
parent 197fcdbb81
10 changed files with 100 additions and 78 deletions
--- a/nixos/hosts/Tibo-NixFat/default.nix
+++ b/nixos/hosts/Tibo-NixFat/default.nix
@ -13,6 +13,7 @@

    programs = {
      home-manager.enable = true;
+      ssh.enable = true;
      zellij.enable = true;
    };
  };
@ -46,22 +47,29 @@
    zenith-nvidia
  ];

+  hardware.bluetooth.enable = true;
+  
+  networking.hostName = "Tibo-NixFat";
+
+  services = {
+    # Handle the laptop lid switch as follows:
+    logind = {
+      lidSwitch = "hybrid-sleep";
+      lidSwitchExternalPower = "lock";
+      lidSwitchDocked = "ignore";
+    };
+  };
+
  system.stateVersion = "23.05";

+  time.timeZone = "Europe/Brussels";
+
  # --- Barrier ---

  networking = {
-    hostName = "Tibo-NixFat";
    networkmanager.enable = true;
  };
  
-  # Set your time zone.
-  time.timeZone = "Europe/Brussels";
-  
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-  
  # Enable sound with pipewire.
  sound.enable = true;
  hardware.pulseaudio.enable = false;
@ -79,20 +87,9 @@
    #media-session.enable = true;
  };

-  # Enable Bluetooth.
-  hardware.bluetooth.enable = true;
-  
-  services = {
-    logind = {
-      lidSwitch = "hybrid-sleep";
-      lidSwitchExternalPower = "lock";
-      lidSwitchDocked = "ignore";
-    };
-
-    # Enable touchpad support (enabled default in most desktopManager).
-    xserver = {
-      libinput.enable = true;
-    };
+  # Enable touchpad support (enabled default in most desktopManager).
+  services.xserver = {
+    libinput.enable = true;
  };

  # Allow unfree packages
--- a/nixos/modules-old/utils/sops/README.md
+++ b/nixos/modules-old/utils/sops/README.md
--- a/nixos/modules-old/utils/ssh/default.nix
+++ b/nixos/modules-old/utils/ssh/default.nix
@ -1,54 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  services.openssh = {
-    enable = true;
-    settings.PasswordAuthentication = false;
-  };
-
-  home-manager.users.tdpeuter = {
-    programs.ssh = {
-      enable = true;
-      matchBlocks = {
-        "Hugo" = {
-          hostname = "192.168.0.11";
-          identitiesOnly = true;
-          identityFile = "/run/secrets/Hugo/ssh";
-          user = "admin";
-        };
-        "HPC" = {
-          hostname = "login.hpc.ugent.be";
-          identitiesOnly = true;
-          identityFile = "/run/secrets/UGent/HPC/ssh";
-          user = "vsc44995";
-        };
-
-        # Git authentication
-        "git.depeuter.dev" = {
-          hostname = "git.depeuter.dev";
-          identitiesOnly = true;
-          identityFile = "/run/secrets/Hugo/Gitea/ssh";
-          user = "git";
-        };
-        "github.com" = {
-          hostname = "github.com";
-          identitiesOnly = true;
-          identityFile = "/run/secrets/GitHub/ssh";
-          user = "git";
-        };
-        "github.ugent.be" = {
-          hostname = "github.ugent.be";
-          identitiesOnly = true;
-          identityFile = "/run/secrets/UGent/GitHub/ssh";
-          user = "git";
-        };
-        "subgit.ugent.be" = {
-          hostname = "subgit.ugent.be";
-          identitiesOnly = true;
-          identityFile = "/run/secrets/UGent/SubGit/ssh";
-          user = "git";
-        };
-      };
-    };
-  };
-}
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@ -1,8 +1,7 @@
-{ lib, ... }:
-
 {
  imports = [
    ./programs
+    ./services
    ./users
    ./virtualisation
  ];
--- a/nixos/modules/programs/default.nix
+++ b/nixos/modules/programs/default.nix
@ -1,6 +1,7 @@
 {
  imports = [
    ./home-manager
+    ./ssh
    ./zellij
  ];
 }
--- a/nixos/modules/programs/ssh/default.nix
+++ b/nixos/modules/programs/ssh/default.nix
@ -0,0 +1,13 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.sisyphus.programs.ssh;
+in {
+  options.sisyphus.programs.ssh.enable = lib.mkEnableOption "SSH";
+
+  config = lib.mkIf cfg.enable {
+    programs.ssh = {
+      enableAskPassword = false;
+    };
+  };
+}
--- a/nixos/modules/services/default.nix
+++ b/nixos/modules/services/default.nix
@ -0,0 +1,5 @@
+{
+  imports = [
+    ./openssh
+  ];
+}
--- a/nixos/modules/services/openssh/default.nix
+++ b/nixos/modules/services/openssh/default.nix
@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.sisyphus.services.openssh;
+in {
+  options.sisyphus.services.openssh.enable = lib.mkEnableOption "OpenSSH";
+
+  config = lib.mkIf cfg.enable {
+    services.openssh = {
+      enable = true;
+      settings = {
+        PasswordAuthentication = false;
+        PermitRootLogin = "no";
+      };
+    };
+  };
+}
--- a/nixos/modules/users/tdpeuter/default.nix
+++ b/nixos/modules/users/tdpeuter/default.nix
@ -21,6 +21,8 @@ in {

    fonts.fonts = with pkgs; [
      font-awesome_5        # Dependency of Vifm config
+      noto-fonts            # Dependency of Zellij config
+      noto-fonts-cjk        # Dependency of Zellij config
    ];

    home-manager.users.tdpeuter = lib.mkIf config.sisyphus.programs.home-manager.enable {
@ -48,6 +50,7 @@ in {
          unzip
          vifm                  # File manager
          zathura               # PDF viewer
+          zellij                # Tmux + screen alternative
        ]) ++ (with pkgs-unstable; [
          mpv
        ]);
@ -66,6 +69,10 @@ in {
            source = ../../../../stow/mpv/.config/mpv;
          };

+          ".ssh/config" = { # Always put SSH configuration
+            source = ../../../../stow/ssh/.ssh/config;
+          };
+
          # Put Vifm files separately so history fill still works.
          ".config/vifm/colors" = lib.mkIf (builtins.elem pkgs.vifm installedPkgs) {
            source = ../../../../stow/vifm/.config/vifm/colors;