authortdback <tyler@tdback.net>2025-01-24 23:30:25 -0500
committertdback <tyler@tdback.net>2025-01-24 23:30:45 -0500
commitc0b45157d3e97402648ec0aea82d949bfa4d4c82 (patch)
tree9969d2d33e2e33b985a4bc5f0aa60aecf74a708c
parent509b69329726b6717972f0bdb7e5f91c80a89247 (diff)
modules: by default allow wheel users to SSH into servers
-rw-r--r--modules/services/ssh/default.nix16
1 files changed, 12 insertions, 4 deletions
diff --git a/modules/services/ssh/default.nix b/modules/services/ssh/default.nix
index dd25795..6f2def1 100644
--- a/modules/services/ssh/default.nix
+++ b/modules/services/ssh/default.nix
@@ -1,15 +1,23 @@
-{ lib, ... }:
+{
+ config,
+ lib,
+ ...
+}:
let
- ports = [ 2222 ];
+ sshPort = 2222;
+ wheelUsers =
+ with config.users;
+ with builtins;
+ filter (u: elem "wheel" users.${u}.extraGroups) (attrNames users);
in
{
services.openssh = {
enable = lib.mkDefault true;
- ports = ports;
openFirewall = true;
startWhenNeeded = true;
+ ports = [ sshPort ];
settings = {
- AllowUsers = [ "tdback" ];
+ AllowUsers = wheelUsers;
PermitRootLogin = "no";
PasswordAuthentication = lib.mkDefault false;
};
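Review bot: `wheelUsers` is built from `extraGroups` only, so an account put into wheel through `users.groups.wheel.members` is left out of `AllowUsers`, and on a host where no user lists wheel the value is an empty list, whose rendering into sshd_config cannot be confirmed from this hunk. Because `openFirewall = true` exposes the port and every wheel account now gains remote login on each host that imports this module, it is safer to state the rule directly with `AllowGroups = [ "wheel" ];`, which lets sshd check group membership at login and makes the filter unnecessary. If the explicit list is kept, put a comment above `wheelUsers` such as `# every wheel member may log in over SSH; result must be non-empty` and back it with an assertion on the list length. The enclosing attribute set closes outside the hunk.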