From ed892d1fb83dfd918e42103388e4bb685eef9cfa Mon Sep 17 00:00:00 2001
From: derped
Date: Wed, 26 Jun 2019 00:33:04 +0200
Subject: [PATCH] Automatically add administrative users to openssh's AllowUsers list.
---
 services/openssh.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/services/openssh.nix b/services/openssh.nix
index 28fca4f..00003ce 100644
--- a/services/openssh.nix
+++ b/services/openssh.nix
@@ -15,9 +15,12 @@ mkIf (elem "openssh" config.machine.services) {
 challengeResponseAuthentication = false;
 passwordAuthentication = false;
 permitRootLogin = "no";
- extraConfig = ''
+ extraConfig = let users = concatMapStrings (user: "${user.name} ") config.machine.administrators
+ + (if config.services.gitea.enable then (config.services.gitea.user + " ") else "")
+ + (if config.services.nix-serve.enable then "nix-ssh" else "");
+ in ''
 UsePAM no
- AllowUsers derped git nix-ssh
+ AllowUsers ${users}
 UsePrivilegeSeparation sandbox
 LogLevel VERBOSE
 '';
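Review bot: Nothing guards the case where `users` evaluates to an empty string, so a host with no entries in `config.machine.administrators` and both services disabled gets a bare `AllowUsers ` line. Depending on the OpenSSH version, sshd may reject that line or treat the directive as absent, and the latter would silently drop the allow-list, so failing at evaluation time is safer. Building the value as a list makes the check simple and avoids the trailing-space concatenation: `users = concatStringsSep " " (map (u: u.name) config.machine.administrators ++ optional config.services.gitea.enable config.services.gitea.user ++ optional config.services.nix-serve.enable "nix-ssh");` followed by `in assert users != "";` before the config string. This assumes `optional` and `concatStringsSep` are in scope the same way `concatMapStrings` is, which cannot be confirmed because the enclosing `mkIf` attribute set starts and ends outside the hunk. Separately, as far as I know the `nix-ssh` account is created by `nix.sshServe.enable` rather than `services.nix-serve.enable`, so confirm the condition matches the option that actually creates that user.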