modules/: Hard-code user and group ids

This avoids relying on the state in /var/lib/nixos

1 files changed, 30 insertions, 12 deletions

diff --git a/modules/by-name/op/openssh/module.nix b/modules/by-name/op/openssh/module.nix
index 97cf7fd7..f77c357b 100644
--- a/modules/by-name/op/openssh/module.nix
+++ b/modules/by-name/op/openssh/module.nix
@@ -7,18 +7,36 @@
 #
 # You should have received a copy of the License along with this program.
 # If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>.
-{...}: {
-  services.openssh = {
-    enable = true;
-    hostKeys = [
-      {
-        path = "/srv/sshd/ssh_host_ed25519_key";
-        rounds = 1000;
-        type = "ed25519";
-      }
-    ];
-    settings = {
-      PasswordAuthentication = false;
+{
+  config,
+  lib,
+  libraries,
+  ...
+}: let
+  cfg = config.soispha.services.openssh;
+in {
+  options.soispha.services.openssh = {
+    enable = libraries.base.options.mkEnable "openssh";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.openssh = {
+      enable = true;
+      hostKeys = [
+        {
+          path = "/srv/sshd/ssh_host_ed25519_key";
+          rounds = 1000;
+          type = "ed25519";
+        }
+      ];
+
+      settings = {
+        PasswordAuthentication = false;
+      };
+    };
+    users = {
+      users.sshd.uid = config.soispha.constants.ids.uids.sshd;
+      groups.sshd.gid = config.soispha.constants.ids.gids.sshd;
     };
   };
 }