55 lines
1.4 KiB
Nix
55 lines
1.4 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
...
|
|
}: {
|
|
options = {
|
|
services.openssh.impermanence.enable = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = config.services.openssh.enable && config.storage.impermanence.enable;
|
|
};
|
|
};
|
|
|
|
config = lib.mkMerge [
|
|
{
|
|
services = {
|
|
openssh = {
|
|
enable = true;
|
|
ports = [22];
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
UseDns = true;
|
|
X11Forwarding = false;
|
|
};
|
|
};
|
|
};
|
|
}
|
|
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
|
|
{
|
|
# SSH host keys need to be persisted to maintain server identity
|
|
}
|
|
(lib.mkIf (!config.services.openssh.impermanence.enable) {
|
|
# TODO: placeholder to configure a unique dataset for this service
|
|
})
|
|
(lib.mkIf config.services.openssh.impermanence.enable {
|
|
storage.impermanence.datasets."persist/replicate/system/root" = {
|
|
files = builtins.listToAttrs (
|
|
lib.lists.flatten (
|
|
builtins.map (hostKey: [
|
|
{
|
|
name = hostKey.path;
|
|
value = {enable = true;};
|
|
}
|
|
{
|
|
name = "${hostKey.path}.pub";
|
|
value = {enable = true;};
|
|
}
|
|
])
|
|
config.services.openssh.hostKeys
|
|
)
|
|
);
|
|
};
|
|
})
|
|
]))
|
|
];
|
|
}
|