From c0b45157d3e97402648ec0aea82d949bfa4d4c82 Mon Sep 17 00:00:00 2001
From: tdback
Date: Fri, 24 Jan 2025 23:30:25 -0500
Subject: modules: by default allow wheel users to SSH into servers
---
 modules/services/ssh/default.nix | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
(limited to 'modules/services')
diff --git a/modules/services/ssh/default.nix b/modules/services/ssh/default.nix
index dd25795..6f2def1 100644
--- a/modules/services/ssh/default.nix
+++ b/modules/services/ssh/default.nix
@@ -1,15 +1,23 @@
-{ lib, ... }:
+{
+ config,
+ lib,
+ ...
+}:
 let
- ports = [ 2222 ];
+ sshPort = 2222;
+ wheelUsers =
+ with config.users;
+ with builtins;
+ filter (u: elem "wheel" users.${u}.extraGroups) (attrNames users);
 in
 {
 services.openssh = {
 enable = lib.mkDefault true;
- ports = ports;
 openFirewall = true;
 startWhenNeeded = true;
+ ports = [ sshPort ];
 settings = {
- AllowUsers = [ "tdback" ];
+ AllowUsers = wheelUsers;
 PermitRootLogin = "no";
 PasswordAuthentication = lib.mkDefault false;
 };
-- cgit v1.2.3
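Review bot: `AllowUsers = wheelUsers` couples remote login to sudo membership, so any account later added to wheel for local administration becomes SSH-reachable on every host that imports this module, where `openFirewall = true` already exposes the port. The `wheelUsers` filter also reads only `extraGroups`, so a user who gets wheel through `users.groups.wheel.members` or as a primary group appears to be left out, and on a host with no wheel accounts the list is empty; it is worth checking whether that renders an invalid directive or none at all. Letting sshd resolve membership itself with `AllowGroups = [ "wheel" ];`, or preferably a dedicated login group, would avoid both problems and remove the nested `with` expression. If the computed list stays, a comment such as `# accounts whose extraGroups contains "wheel"; SSH login is limited to these` above `wheelUsers` would make the access policy explicit. The `services.openssh` set closes outside the hunk, so further settings may follow.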