authorFreya Murphy <freya@freyacat.org>2025-06-26 13:26:37 -0400
committerFreya Murphy <freya@freyacat.org>2025-06-26 13:26:37 -0400
commitd94d620d2f393e274676a619b8a56f97f0ed7524 (patch)
tree9a71c00f90a93749a4db4abe823e87ea72bfec2a /system/sshd.nix
parentadd packages to wsl (diff)
make system config more modular
Diffstat (limited to 'system/sshd.nix')
-rw-r--r--system/sshd.nix55
1 files changed, 30 insertions, 25 deletions
diff --git a/system/sshd.nix b/system/sshd.nix
index 088bccb..a1ca2f2 100644
--- a/system/sshd.nix
+++ b/system/sshd.nix
@@ -1,35 +1,40 @@
{
+ lib,
config,
self,
...
-}: {
- # sshd
- services.openssh = {
- enable = true;
- ports = [22];
- settings = {
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- UseDns = true;
- X11Forwarding = false;
- PermitRootLogin = "no";
+}: let
+ inherit (lib) mkIf;
+in {
+ config = mkIf config.network {
+ # sshd
+ services.openssh = {
+ enable = true;
+ ports = [22];
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ UseDns = true;
+ X11Forwarding = false;
+ PermitRootLogin = "no";
+ };
};
- };
- # allow ssh port
- networking.firewall.allowedTCPPorts = [22];
+ # allow ssh port
+ networking.firewall.allowedTCPPorts = [22];
- # ban evil
- services.fail2ban = {
- enable = true;
- ignoreIP = [
- # freyanet
- "10.0.0.0/14"
- ];
- };
+ # ban evil
+ services.fail2ban = {
+ enable = true;
+ ignoreIP = [
+ # freyanet
+ "10.0.0.0/14"
+ ];
+ };
- # add authorized keys
- users.users.${config.user} = {
- openssh.authorizedKeys.keyFiles = self.lib.sshKeys;
+ # add authorized keys
+ users.users.${config.user} = {
+ openssh.authorizedKeys.keyFiles = self.lib.sshKeys;
+ };
};
}
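Review bot: The firewall rule `networking.firewall.allowedTCPPorts = [22];` repeats the literal from `ports = [22];`, so a later port change could leave 22 open or the new port closed. Writing it as `networking.firewall.allowedTCPPorts = config.services.openssh.ports;` keeps the two in step, and the NixOS module's `services.openssh.openFirewall` option (enabled by default) may already make the line redundant. The `ignoreIP` entry would benefit from a comment stating its scope, for example `# freyanet: 10.0.0.0-10.3.255.255 is exempt from bans, so failed logins from these hosts are never rate-limited`. `config.network` is declared outside this file, so a short comment on the `mkIf` line should say that turning it off also drops fail2ban and the authorized keys, not only sshd.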