@rycee
Created May 9, 2017 22:00
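{ config, lib, pkgs, ... }:

# Home Manager module: installs OpenSSH and materialises the configured key
# pairs under ~/.ssh.  Key text passes through the Nix store (see the option
# description below), so every key managed here should carry a passphrase.

with lib;

let
  cfg = config.programs.openssh;

  # One private/public key pair.  `name` is the attribute name under
  # `programs.openssh.keys`; `config` is the submodule's own config.
  keyPairType = types.submodule (
    { name, config, ... }: {
      options = {
        private = mkOption {
          type = types.str;
          description = "The private key.";
        };

        public = mkOption {
          type = types.str;
          description = "The public key.";
        };

        keyName = mkOption {
          internal = true;
          type = types.str;
          description = "The key name.";
        };
      };

      config =
        let
          # Store copies of both keys so ssh-keygen can inspect them at
          # evaluation time (the readFile calls below are import-from-derivation).
          privkeyFile = builtins.toFile "privkey-${name}" config.private;
          pubkeyFile = builtins.toFile "pubkey-${name}" config.public;

          # Small local derivations: always built here, never substituted.
          run = n: pkgs.runCommand n {
            preferLocalBuild = true;
            allowSubstitutes = false;
          };

          # Public key derived from the private key, used only as the default
          # for `public`.  The store copy is world-readable, which ssh-keygen
          # refuses for private keys, hence the 0600 copy first.  A
          # passphrase-protected key cannot be unlocked inside the build
          # sandbox, so the build fails and `public` has to be set explicitly
          # (NOTE(review): confirm the exact failure mode for your openssh).
          derivedPubkeyFile = run "pubkey-from-privkey" ''
            install -m 0600 ${privkeyFile} key
            ${pkgs.openssh}/bin/ssh-keygen -y -f key > $out
          '';

          # Lower-cased key type ("rsa", "ed25519", ...) taken from the
          # parenthesised suffix of the `ssh-keygen -l` fingerprint line.
          typeFile = run "key-type" ''
            ${pkgs.openssh}/bin/ssh-keygen -l -f ${pubkeyFile} \
              | sed 's/.*(\(.*\)).*/\1/' \
              | tr A-Z a-z \
              > $out
          '';
          keyType = removeSuffix "\n" (builtins.readFile typeFile);

          # The key named "default" maps to the plain id_<type> file name.
          suffix = if name == "default" then "" else "_${name}";
        in
        {
          # Bug fix: this used to default to the *private* key text, which
          # would then have been written to the world-readable .pub file.
          public = mkDefault (builtins.readFile derivedPubkeyFile);
          keyName = mkDefault "id_${keyType}${suffix}";
        };
    }
  );
in
{
  options = {
    programs.openssh = {
      enable = mkEnableOption "SSH";

      keys = mkOption {
        type = types.attrsOf keyPairType;
        default = {};
        description = ''
          Your SSH keys. WARNING: Your private key will be readable
          inside the Nix store so use a good passphrase!
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    home.packages = [ pkgs.openssh ];

    # One private/public file pair per key, named after keyName.  `mode`
    # applies to the file Home Manager places in $HOME; the store copy of the
    # text remains readable regardless (see the option description).
    # NOTE(review): the "he-" prefix looks like a development placeholder —
    # confirm it is intended before relying on these paths.
    home.file = listToAttrs (
      concatMap (key: [
        {
          name = ".ssh/he-${key.keyName}";
          value = { text = key.private; mode = "600"; };
        }
        {
          name = ".ssh/he-${key.keyName}.pub";
          value = { text = key.public; mode = "644"; };
        }
      ]) (attrValues cfg.keys)
    );
  };
}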