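# Module that sets up a user-level OpenSSH server: it installs one authorized
# public key, generates a host key plus sshd_config on first activation, and
# provides an `sshd-start` launcher script.
# NOTE(review): the option names used here (build.activation, user.home,
# environment.packages) look like nix-on-droid's; confirm against the importer.
#
# Arguments:
#   config, pkgs, lib - the usual module arguments.
#   uid, gid          - numeric ids assigned to `user` below; presumably passed
#                       in by the caller as extra module arguments.
{
  config,
  pkgs,
  lib,
  uid,
  gid,
  ...
}:
with lib; let
  sshdTmpDirectory = "${config.user.home}/sshd.tmp";
  sshdDirectory = "${config.user.home}/.sshd";
  authorizedKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETPyuxUVEmYyEW6PVC6BXqkhULHd/RvMm8fMbYhjTMV fern@muskduck";
  port = 8022;

  # Rendered at build time so the activation script can copy the file with
  # `install` instead of a shell redirection. A `> file` redirection is carried
  # out by the shell even when $DRY_RUN_CMD is `echo`, so a dry run would
  # overwrite authorized_keys with the echoed command line.
  authorizedKeysFile = pkgs.writeText "authorized_keys" "${authorizedKeys}\n";

  # Only the public key above is provisioned, so password and
  # keyboard-interactive logins are switched off explicitly rather than left
  # to sshd's defaults.
  sshdConfigFile = pkgs.writeText "sshd_config" ''
    HostKey ${sshdDirectory}/ssh_host_rsa_key
    Port ${toString port}
    PasswordAuthentication no
    KbdInteractiveAuthentication no
  '';

  # Launcher that runs sshd in the foreground (-D) with the generated config.
  # The port in the message comes from `port` at build time; sshd itself reads
  # the port from the on-disk sshd_config, which is written only once (see the
  # activation script), so the two can disagree if `port` is changed later.
  sshd-start = pkgs.writeScriptBin "sshd-start" ''
    #!${pkgs.runtimeShell}

    echo "Starting sshd in non-daemonized way on port ${toString port}"
    ${pkgs.openssh}/bin/sshd -f "${sshdDirectory}/sshd_config" -D
  '';
in {
  # Set UID & GID
  user = {
    uid = uid;
    gid = gid;
  };

  # State version.
  system.stateVersion = "24.05";

  # Enable flakes.
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';

  # SSHD activation script.
  # Runs on every activation: (re)installs authorized_keys with tight
  # permissions. The host key and sshd_config are created only when
  # ${sshdDirectory} does not exist yet; they are built in a scratch directory
  # and moved into place in one step so a failed run leaves no half-written
  # ${sshdDirectory} behind. To pick up a changed sshd_config or port, the
  # existing directory has to be removed first.
  build.activation.sshd = ''
    $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${config.user.home}/.ssh"
    # sshd's StrictModes check refuses keys kept in a group/world-writable
    # directory or file, so set the modes instead of relying on the umask.
    $DRY_RUN_CMD chmod $VERBOSE_ARG 700 "${config.user.home}/.ssh"
    $DRY_RUN_CMD install $VERBOSE_ARG -m 600 ${authorizedKeysFile} "${config.user.home}/.ssh/authorized_keys"

    if [[ ! -d "${sshdDirectory}" ]]; then
      $DRY_RUN_CMD rm $VERBOSE_ARG --recursive --force "${sshdTmpDirectory}"
      $DRY_RUN_CMD mkdir $VERBOSE_ARG --parents "${sshdTmpDirectory}"

      $VERBOSE_ECHO "Generating host keys..."
      # -N "" leaves the host key without a passphrase so sshd can start unattended.
      $DRY_RUN_CMD ${pkgs.openssh}/bin/ssh-keygen -t rsa -b 4096 -f "${sshdTmpDirectory}/ssh_host_rsa_key" -N ""

      $VERBOSE_ECHO "Writing sshd_config..."
      $DRY_RUN_CMD install $VERBOSE_ARG -m 600 ${sshdConfigFile} "${sshdTmpDirectory}/sshd_config"

      $DRY_RUN_CMD mv $VERBOSE_ARG "${sshdTmpDirectory}" "${sshdDirectory}"
    fi
  '';

  # Install some packages.
  environment.packages = with pkgs; [
    aria2
    fish
    lynx
    neovim
    rsync
    sshd-start
    tmux
    trash-cli
    yazi
  ];
}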