feat(ssh): add enable option

2026-05-22 10:23:22 +02:00
parent a5adea70ea
commit 086e091add
8 changed files with 93 additions and 70 deletions
--- a/modules/ssh/authorized-keys.nix
+++ b/modules/ssh/authorized-keys.nix
@@ -16,16 +16,17 @@ in
    };
  };

-  # auto generate authorized_keys from `authorizedHosts`
-  config.users.users.${username}.openssh.authorizedKeys.keys =
-    lib.flatten (
-      map (
-        hostname:
-        let
-          keyFile = ../../hosts/${hostname}/ssh_user.pub;
-        in
-        lib.optionals (builtins.pathExists keyFile) (lib.splitString "\n" (builtins.readFile keyFile))
-      ) ((builtins.filter (h: h != config.host.name) adminHosts) ++ config.ssh.authorizedHosts)
-    )
-    ++ lib.splitString "\n" (builtins.readFile ./ssh_bak.pub);
+  config = lib.mkIf config.ssh.enable {
+    users.users.${username}.openssh.authorizedKeys.keys =
+      lib.flatten (
+        map (
+          hostname:
+          let
+            keyFile = ../../hosts/${hostname}/ssh_user.pub;
+          in
+          lib.optionals (builtins.pathExists keyFile) (lib.splitString "\n" (builtins.readFile keyFile))
+        ) ((builtins.filter (h: h != config.host.name) adminHosts) ++ config.ssh.authorizedHosts)
+      )
+      ++ lib.splitString "\n" (builtins.readFile ./ssh_bak.pub);
+  };
 }