Required tree-wide re-wiring of the host option. Now, rather than each host having a monolithic restic.nix file, the host's restic.nix file just specifies the password and URL of the restic repository. Each module then defines the specific paths to back up and any pre and post commands that need to be performed. Each backed-up service gets an independent systemd backup service and timer.
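# SSH baseline for a host: key-only sshd, root's authorized keys taken from the
# nix-secrets flake input, and the same keys mirrored to the host's main user.
{
  config,
  pkgs,
  inputs,
  lib,
  myLib,
  ...
}: {
  services.openssh = {
    enable = true;
    settings = {
      # Root may log in over SSH, but never with a password.
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
      # keyboard-interactive is a separate sshd method from "password" and is
      # on by default in NixOS; through PAM it can still prompt for an account
      # password. Turn it off so the server really is key-only. mkDefault lets
      # a host that needs it (e.g. for an OTP prompt) set it back without a
      # definition conflict.
      KbdInteractiveAuthentication = lib.mkDefault false;
    };
  };

  # Ship kitty's terminfo entry so TERM does not have to be set by hand on
  # every SSH login from a kitty terminal.
  environment.systemPackages = with pkgs; [
    kitty.terminfo
  ];

  # Root's keys come from the public-keys directory of the nix-secrets input.
  # NOTE(review): myLib.dirToStrings is defined elsewhere; presumably it returns
  # the contents of every file in that directory, in which case each file added
  # there grants root on every host importing this module. Confirm in myLib.
  #
  # When the flake has no nix-secrets input this silently evaluates to []. With
  # password login disabled that leaves no SSH credential for root or the main
  # user unless the host defines keys itself (mkDefault allows that), so check
  # the evaluated key list before deploying to a machine with no console access.
  users.users.root.openssh.authorizedKeys.keys = lib.mkDefault (
    if inputs ? nix-secrets
    then (myLib.dirToStrings "${inputs.nix-secrets}/public-keys")
    else []
  );

  # Anything that can log in as root should also be able to log in as the main
  # user, so reuse root's final (merged) key list rather than re-reading the
  # secrets input.
  users.users.${config.host.details.user}.openssh.authorizedKeys.keys =
    config.users.users.root.openssh.authorizedKeys.keys;
}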