yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request 'Refactor admin module' (#4681) from fix-admin-service-split into main

Browse Source 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4681
This commit is contained in:
pinpox
2025-08-11 11:36:24 +00:00
parent deecb966ce 75c60a6103
commit 6693cda465
3 changed files with 169 additions and 165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
clanServices/admin/default.nix
View File

@@ -41,25 +41,13 @@
};
};
};
};
perInstance =
{ settings, ... }:
{
nixosModule =
{ ... }:
{
imports = [
# We don't have a good way to specify dependencies between
# clanServices for now. When it get's implemtende, we should just
# use the ssh and users modules here.
imports = [
./ssh.nix
./root-password.nix
];
_module.args = { inherit settings; };
users.users.root.openssh.authorizedKeys.keys = builtins.attrValues settings.allowedKeys;
};
};
};
}

7
clanServices/admin/root-password.nix
View File

@@ -1,5 +1,10 @@
# We don't have a way of specifying dependencies between clanServices for now.
# When it get's added this file should be removed and the users module used instead.
{
roles.default.perInstance =
{ ... }:
{
nixosModule =
{
config,
pkgs,
@@ -45,4 +50,6 @@
mkpasswd -s -m sha-512 < "$out"/password | tr -d "\n" > "$out"/password-hash
'';
};
};
};
}

11
clanServices/admin/ssh.nix
View File

@@ -1,8 +1,13 @@
{
roles.default.perInstance =
{ settings, ... }:
{
nixosModule =
{
config,
pkgs,
lib,
settings,
...
}:
let
@@ -13,6 +18,8 @@ let
in
{
users.users.root.openssh.authorizedKeys.keys = builtins.attrValues settings.allowedKeys;
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
@@ -112,4 +119,6 @@ in
extraHostNames = builtins.map (domain: "*.${domain}") settings.certificateSearchDomains;
publicKey = config.clan.core.vars.generators.openssh-ca.files."id_ed25519.pub".value;
};
};
};
}