users: disable password login for users in @wheel

This commit is contained in:
Peder Bergebakken Sundt 2024-08-11 03:31:04 +02:00
parent 2f3bcaf124
commit 08e5e4d90b

View File

@ -1,4 +1,4 @@
{lib, ...}:
{lib, config, ...}:
with lib;
let
# get all files in folder
@ -17,4 +17,17 @@ in
imports = makeAbsolute ./.;
services.openssh.extraConfig =
lib.pipe (builtins.attrNames config.users.users) [
(builtins.filter (uname: builtins.any (x: x) [
(config.users.users.${uname}.group == "wheel")
(builtins.elem "wheel" config.users.users.${uname}.extraGroups)
]))
(builtins.map (uname: ''
Match User ${uname}
PasswordAuthentication no
''))
lib.concatLines
];
}