Diffstat (limited to 'modules')
-rw-r--r--modules/module-list.nix1
-rw-r--r--modules/nix/default.nix3
-rw-r--r--modules/services/openssh.nix33
3 files changed, 35 insertions, 2 deletions
diff --git a/modules/module-list.nix b/modules/module-list.nix
index aa190c7..8b2215b 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -82,6 +82,7 @@
./services/nix-gc
./services/nix-optimise
./services/ofborg
+ ./services/openssh.nix
./services/postgresql
./services/privoxy
./services/redis
diff --git a/modules/nix/default.nix b/modules/nix/default.nix
index 41398fa..6e4292a 100644
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@@ -617,7 +617,6 @@ in
trusted-users = mkOption {
type = types.listOf types.str;
- default = [ "root" ];
example = [ "root" "alice" "@admin" ];
description = ''
A list of names of users that have additional rights when
@@ -835,10 +834,10 @@ in
done
'';
- # Legacy configuration conversion.
nix.settings = mkMerge [
{
trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
+ trusted-users = [ "root" ];
substituters = mkAfter [ "https://cache.nixos.org/" ];
# Not implemented yet
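Review bot: Moving `[ "root" ]` from the option default (first hunk of this file) into `nix.settings` changes how a user's value combines with it, and the option description is not updated to say so. For a `listOf` option, a definition made here at normal priority is presumably merged with whatever the user sets, so `trusted-users = [ "alice" ]` would now yield both root and alice, and dropping root would need `lib.mkForce`. Since the description itself says these users get additional rights, I would add a sentence such as `"root" is always included; use lib.mkForce to replace the list entirely.` The `mkMerge` list continues outside this hunk, so other entries there may also touch this setting.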
diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix
new file mode 100644
index 0000000..859f79d
--- /dev/null
+++ b/modules/services/openssh.nix
@@ -0,0 +1,33 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.openssh;
+in
+{
+ options = {
+ services.openssh.enable = lib.mkOption {
+ type = lib.types.nullOr lib.types.bool;
+ default = null;
+ description = ''
+ Whether to enable Apple's built-in OpenSSH server.
+
+ The default is null which means let macOS manage the OpenSSH server.
+ '';
+ };
+ };
+
+ config = {
+ # We don't use `systemsetup -setremotelogin` as it requires Full Disk Access
+ system.activationScripts.launchd.text = lib.mkIf (cfg.enable != null) (if cfg.enable then ''
+ if [[ "$(systemsetup -getremotelogin | sed 's/Remote Login: //')" == "Off" ]]; then
+ launchctl enable system/com.openssh.sshd
+ launchctl bootstrap system /System/Library/LaunchDaemons/ssh.plist
+ fi
+ '' else ''
+ if [[ "$(systemsetup -getremotelogin | sed 's/Remote Login: //')" == "On" ]]; then
+ launchctl bootout system/com.openssh.sshd
+ launchctl disable system/com.openssh.sshd
+ fi
+ '');
+ };
+}
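Review bot: The `enable = false` branch only stops sshd when the parsed `systemsetup -getremotelogin` output is exactly `On`, so any other output (an error message, a changed format) leaves the server running without warning even though the user asked for it to be off. For the disable path I would fail closed and act on anything other than the known-off state: `if [[ "$(systemsetup -getremotelogin | sed 's/Remote Login: //')" != "Off" ]]; then`. The `launchctl` calls in both branches are unchecked, and whether a failure aborts activation depends on shell options set outside this file, so a short comment stating the intended behaviour would help. The option description could also say that `false` actively turns Remote Login off rather than leaving it unmanaged.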