feat(exports): sshd service

modules/system/exports/sshd.nix

@@ -0,0 +1,41 @@
+{lib, gensokyo-zone, ...}: let
+  inherit (gensokyo-zone.lib) mapAlmostOptionDefaults mkAlmostOptionDefault;
+  inherit (lib.modules) mkIf;
+  inherit (lib.attrsets) mapAttrs filterAttrs mapAttrsToList;
+  inherit (lib.lists) sort;
+in {
+  config.exports.services.sshd = { config, ... }: let
+    mkAssertion = f: nixosConfig: let
+      cfg = nixosConfig.services.openssh;
+    in f nixosConfig cfg;
+    sorted = sort (a: b: a > b);
+    assertPorts = nixosConfig: cfg: let
+      nixosPorts = cfg.ports;
+      enabledPorts = filterAttrs (_: port: port.enable) config.ports;
+      servicePorts = mapAttrsToList (_: port: port.port) enabledPorts;
+    in {
+      assertion = sorted nixosPorts == sorted servicePorts;
+      message = "port mismatch: ${toString nixosPorts} != ${toString servicePorts}";
+    };
+  in {
+    id = mkAlmostOptionDefault "ssh";
+    nixos = {
+      serviceAttr = "openssh";
+      assertions = mkIf config.enable [
+        (mkAssertion assertPorts)
+      ];
+    };
+    defaults.port.listen = mkAlmostOptionDefault "wan";
+    ports = mapAttrs (_: mapAlmostOptionDefaults) {
+      public = {
+        port = 62954;
+        transport = "tcp";
+      };
+      standard = {
+        port = 22;
+        transport = "tcp";
+        listen = "lan";
+      };
+    };
+  };
+}