users: disable password login for users in @wheel

2024-08-11 03:31:04 +02:00 · 2024-08-11 03:31:04 +02:00 · 08e5e4d90b
parent 2f3bcaf124
commit 08e5e4d90b
1 changed files with 14 additions and 1 deletions
--- a/users/default.nix
+++ b/users/default.nix
@ -1,4 +1,4 @@
-{lib, ...}:
+{lib, config, ...}:
 with lib;
 let
  # get all files in folder
@ -17,4 +17,17 @@ in

  imports = makeAbsolute ./.;

+  services.openssh.extraConfig =
+    lib.pipe (builtins.attrNames config.users.users) [
+      (builtins.filter (uname: builtins.any (x: x) [
+        (config.users.users.${uname}.group == "wheel")
+        (builtins.elem "wheel" config.users.users.${uname}.extraGroups)
+      ]))
+      (builtins.map (uname: ''
+        Match User ${uname}
+          PasswordAuthentication no
+      ''))
+      lib.concatLines
+    ];
+
 }