Add more SSH settings

2021-11-15 16:35:04 +03:00 · 2021-11-15 16:35:04 +03:00 · 7193030b37
parent 05627a1dc9
commit 7193030b37
4 changed files with 42 additions and 14 deletions
--- a/README.md
+++ b/README.md
@ -45,9 +45,13 @@ Example JSON config:
    },
    "timezone": "Europe/Moscow",
    "resticPassword": "PASS",
-    "rootSshKeys": [
-        "ssh-ed25519 KEY user@host"
-    ],
+    "ssh": {
+        "enable": true,
+        "rootSshKeys": [
+            "ssh-ed25519 KEY user@host"
+        ],
+        "passwordAuthentication": true
+    },
    "username": "owner",
    "users": [
        {
--- a/configuration.nix
+++ b/configuration.nix
@ -37,10 +37,10 @@
  };
  time.timeZone = config.services.userdata.timezone;
  i18n.defaultLocale = "en_GB.UTF-8";
-  users.users.root.openssh.authorizedKeys.keys = config.services.userdata.rootSshKeys;
+  users.users.root.openssh.authorizedKeys.keys = config.services.userdata.ssh.rootKeys;
  services.openssh = {
-    enable = true;
-    passwordAuthentication = true;
+    enable = config.services.userdata.ssh.enable;
+    passwordAuthentication = config.services.userdata.ssh.passwordAuthentication;
    permitRootLogin = "yes";
    openFirewall = false;
  };
--- a/userdata/schema.json
+++ b/userdata/schema.json
@ -103,10 +103,21 @@
        "resticPassword": {
            "type": "string"
        },
-        "rootSshKeys": {
-            "type": "array",
-            "items": {
-                "type": "string"
+        "ssh": {
+            "type": "object",
+            "properties": {
+                "enable": {
+                    "type": "boolean"
+                },
+                "rootKeys": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
+                "passwordAuthentication": {
+                    "type": "boolean"
+                }
            }
        },
        "users": {
--- a/variables-module.nix
+++ b/variables-module.nix
@ -117,11 +117,24 @@ in
      '';
      type = types.nullOr types.string;
    };
-    rootSshKeys = mkOption {
-      description = ''
+    ssh = {
+      enable = mkOption {
+        default = true;
+        type = types.nullOr types.bool;
+      };
+      rootKeys = mkOption {
+        description = ''
        Root SSH Keys
-      '';
-      type = types.nullOr (types.listOf types.string);
+        '';
+        type = types.nullOr (types.listOf types.string);
+      };
+      passwordAuthentication = mkOption {
+        description = ''
+          Password authentication for SSH
+        '';
+        default = true;
+        type = types.nullOr types.bool;
+      };
    };
    timezone = mkOption {
      description = ''