From 99f68e5421de84746bc89d69f9cbb6c488438d60 Mon Sep 17 00:00:00 2001
From: Daniel Barlow
Date: Fri, 23 Aug 2024 23:13:49 +0100
Subject: [PATCH] destructure params in ssh service
---
 modules/ssh/ssh.nix | 34 +++++++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 11 deletions(-)
diff --git a/modules/ssh/ssh.nix b/modules/ssh/ssh.nix
index 82eaf64..1d81061 100644
--- a/modules/ssh/ssh.nix
+++ b/modules/ssh/ssh.nix
@@ -3,9 +3,21 @@
 , dropbear
 , lib
 }:
-{authorizedKeys, ...} @ p :
+{
+ address,
+ allowLocalPortForward,
+ allowPasswordLogin,
+ allowPasswordLoginForRoot,
+ allowRemoteConnectionToForwardedPorts,
+ allowRemotePortForward,
+ allowRoot,
+ authorizedKeys,
+ port,
+ extraConfig
+}:
 let
 name = "sshd";
+ inherit (builtins) toString;
 inherit (liminix.services) longrun;
 inherit (lib) concatStringsSep mapAttrs mapAttrsToList;
 options =
@@ -16,18 +28,18 @@ let
 "-P /run/dropbear.pid"
 "-F" # don't fork into background
 ] ++
- (lib.optional (! p.allowRoot) "-w") ++
- (lib.optional (! p.allowPasswordLogin) "-s") ++
- (lib.optional (! p.allowPasswordLoginForRoot) "-g") ++
- (lib.optional (! p.allowLocalPortForward) "-j") ++
- (lib.optional (! p.allowRemotePortForward) "-k") ++
- (lib.optional (! p.allowRemoteConnectionToForwardedPorts) "-a") ++
+ (lib.optional (! allowRoot) "-w") ++
+ (lib.optional (! allowPasswordLogin) "-s") ++
+ (lib.optional (! allowPasswordLoginForRoot) "-g") ++
+ (lib.optional (! allowLocalPortForward) "-j") ++
+ (lib.optional (! allowRemotePortForward) "-k") ++
+ (lib.optional (! allowRemoteConnectionToForwardedPorts) "-a") ++
 (lib.optionals (authorizedKeys != null)
 ["-U" "/run/${name}/authorized_keys/%n"]) ++
- [(if p.address != null
- then "-p ${p.address}:${p.port}"
- else "-p ${builtins.toString p.port}")] ++
- [p.extraConfig];
+ [(if address != null
+ then "-p ${address}:${toString port}"
+ else "-p ${toString port}")] ++
+ [extraConfig];
 authKeysConcat =
 if authorizedKeys != null
 then mapAttrs
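Review bot: The new argument pattern in the first hunk is closed (no `...`) and carries no defaults, so a caller that passes any attribute beyond these ten now fails at evaluation, where `{authorizedKeys, ...} @ p` accepted extras. That strictness suits a service whose arguments are mostly hardening switches, but it ties this list to the option declarations, which are outside this diff. A comment above the pattern such as `# closed on purpose: must list every declared ssh service parameter, so a stray or misspelled one fails evaluation` would record the intent. Separately, `inherit (builtins) toString;` is redundant, because `toString` is already available unqualified in Nix.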
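Review bot: In the second hunk, `(lib.optional (! allowRemoteConnectionToForwardedPorts) "-a")` looks inverted, and the rename carries the condition over from the old `p.` form unchanged. The five flags above it (`-w`, `-s`, `-g`, `-j`, `-k`) each disable a feature, so negating the `allow*` option is right for them, but dropbear's `-a` enables connections to forwarded ports from any host and is therefore passed exactly when the option is false. With the option left false, forwarded ports would be exposed to other hosts instead of being kept local; the line should read `(lib.optional allowRemoteConnectionToForwardedPorts "-a") ++`. It is worth confirming this against the usage text of the dropbear version packaged here.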