Format the entire project.

2023-09-11 20:23:04 +02:00 · 2023-09-11 20:23:04 +02:00 · 6f9db5e3a4
commit 6f9db5e3a4
parent 1dc50ae17d
115 changed files with 3451 additions and 2901 deletions
--- a/services/openssh.nix
+++ b/services/openssh.nix
@ -1,35 +1,43 @@
-{ config, lib, fn, ... }:
-
+{
+  config,
+  lib,
+  fn,
+  ...
+}:
 # For reference:
 # https://infosec.mozilla.org/guidelines/openssh.html
 # https://stribika.github.io/2015/01/04/secure-secure-shell.html
-
 with lib;
-
-mkIf (elem "openssh" config.machine.services) {
-  services.openssh = {
-    enable = true;
-    settings.KexAlgorithms = [ "curve25519-sha256@libssh.org" ];
-    sftpFlags = [ "-f AUTHPRIV" "-l INFO" ];
-    startWhenNeeded = false;
-    settings = {
-      KbdInteractiveAuthentication = false;
-      PasswordAuthentication = false;
-      PermitRootLogin = "no";
-    };
-    extraConfig = let users = concatMapStrings (user: "${user.name} ") config.machine.administrators
-      + (optionalString config.services.gitea.enable (config.services.gitea.user + " "));
-    in  ''
+  mkIf (elem "openssh" config.machine.services) {
+    services.openssh = {
+      enable = true;
+      settings.KexAlgorithms = ["curve25519-sha256@libssh.org"];
+      sftpFlags = ["-f AUTHPRIV" "-l INFO"];
+      startWhenNeeded = false;
+      settings = {
+        KbdInteractiveAuthentication = false;
+        PasswordAuthentication = false;
+        PermitRootLogin = "no";
+      };
+      extraConfig = let
+        users =
+          concatMapStrings (user: "${user.name} ") config.machine.administrators
+          + (optionalString config.services.gitea.enable (config.services.gitea.user + " "));
+      in ''
        UsePAM no
        AllowUsers ${users}
        LogLevel VERBOSE
-    '';
-  };
-  # Add public keys to /etc/ssh/authorized_keys.d
-  # This replaces users.users.*.openssh.authorizedKeys.*
-  sops.secrets = (fn.sopsHelper
-    (user: "users/${user.name}/publicKey")
-    config.machine.administrators
-    (user: { path = "/etc/ssh/authorized_keys.d/${user.name}"; mode = "444"; })
-  );
-}
+      '';
+    };
+    # Add public keys to /etc/ssh/authorized_keys.d
+    # This replaces users.users.*.openssh.authorizedKeys.*
+    sops.secrets = (
+      fn.sopsHelper
+      (user: "users/${user.name}/publicKey")
+      config.machine.administrators
+      (user: {
+        path = "/etc/ssh/authorized_keys.d/${user.name}";
+        mode = "444";
+      })
+    );
+  }