gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(exports): sshd service

Browse source
This commit is contained in:
arcnmx 2024-04-16 03:05:36 -07:00
parent 1fed0eb15f
commit 45d41414e6
14 changed files with 78 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

41
modules/system/exports/sshd.nix Normal file
View file

@ -0,0 +1,41 @@
{lib, gensokyo-zone, ...}: let
inherit (gensokyo-zone.lib) mapAlmostOptionDefaults mkAlmostOptionDefault;
inherit (lib.modules) mkIf;
inherit (lib.attrsets) mapAttrs filterAttrs mapAttrsToList;
inherit (lib.lists) sort;
in {
config.exports.services.sshd = { config, ... }: let
mkAssertion = f: nixosConfig: let
cfg = nixosConfig.services.openssh;
in f nixosConfig cfg;
sorted = sort (a: b: a > b);
assertPorts = nixosConfig: cfg: let
nixosPorts = cfg.ports;
enabledPorts = filterAttrs (_: port: port.enable) config.ports;
servicePorts = mapAttrsToList (_: port: port.port) enabledPorts;
in {
assertion = sorted nixosPorts == sorted servicePorts;
message = "port mismatch: ${toString nixosPorts} != ${toString servicePorts}";
};
in {
id = mkAlmostOptionDefault "ssh";
nixos = {
serviceAttr = "openssh";
assertions = mkIf config.enable [
(mkAssertion assertPorts)
];
};
defaults.port.listen = mkAlmostOptionDefault "wan";
ports = mapAttrs (_: mapAlmostOptionDefaults) {
public = {
port = 62954;
transport = "tcp";
};
standard = {
port = 22;
transport = "tcp";
listen = "lan";
};
};
};
}

1
systems/aya/default.nix
View file

@ -9,6 +9,7 @@ _: {
];
exports = {
services = {
sshd.enable = true;
tailscale.enable = true;
};
};

5
systems/ct/default.nix
View file

@ -11,4 +11,9 @@ _: {
address6 = null;
};
};
exports = {
services = {
sshd.enable = true;
};
};
}

4
systems/freeipa/default.nix
View file

@ -32,6 +32,10 @@ _: {
};
exports = {
services = {
sshd = {
enable = true;
ports.public.enable = false;
};
freeipa.enable = true;
ldap.enable = true;
kerberos.enable = true;

4
systems/freepbx/default.nix
View file

@ -16,6 +16,10 @@ _: {
};
exports = {
services = {
sshd = {
enable = true;
ports.public.enable = false;
};
freepbx.enable = true;
};
};

8
systems/hakurei/default.nix
View file

@ -24,6 +24,14 @@ _: {
enable = true;
id = "login.local";
};
sshd = {
enable = true;
ports.global = {
port = 41022;
transport = "tcp";
listen = "wan";
};
};
};
exports = {
plex.enable = true;

1
systems/keycloak/default.nix
View file

@ -9,6 +9,7 @@ _: {
];
exports = {
services = {
sshd.enable = true;
keycloak.enable = true;
vouch-proxy.enable = true;
};

4
systems/kitchencam/default.nix
View file

@ -17,6 +17,10 @@ _: {
};
exports = {
services = {
sshd = {
enable = true;
ports.public.enable = false;
};
motion = {
id = "kitchen";
enable = true;

5
systems/kuwubernetes/default.nix
View file

@ -19,4 +19,9 @@ _: {
};
};
};
exports = {
services = {
sshd.enable = true;
};
};
}

1
systems/litterbox/default.nix
View file

@ -9,6 +9,7 @@ _: {
];
exports = {
services = {
sshd.enable = true;
tailscale.enable = true;
};
};

1
systems/mediabox/default.nix
View file

@ -9,6 +9,7 @@ _: {
];
exports = {
services = {
sshd.enable = true;
plex.enable = true;
invidious.enable = true;
};

1
systems/reimu/default.nix
View file

@ -9,6 +9,7 @@ _: {
];
exports = {
services = {
sshd.enable = true;
tailscale.enable = true;
nfs.enable = true;
};

1
systems/tei/default.nix
View file

@ -9,6 +9,7 @@ _: {
];
exports = {
services = {
sshd.enable = true;
tailscale.enable = true;
home-assistant.enable = true;
zigbee2mqtt.enable = true;

1
systems/utsuho/default.nix
View file

@ -9,6 +9,7 @@ _: {
];
exports = {
services = {
sshd.enable = true;
unifi.enable = true;
mosquitto.enable = true;
dnsmasq.enable = true;