fix: cloudflare tunnel on tempest

requires openssh, but removing public key
2024-11-22 13:25:38 +00:00 · 2023-07-12 23:33:35 -04:00 · 2023-07-12 23:33:35 -04:00 · e86b2f184f
commit e86b2f184f
parent d14054ab17
4 changed files with 5 additions and 3 deletions
--- a/hosts/flame/default.nix
+++ b/hosts/flame/default.nix
@ -49,6 +49,7 @@ inputs.nixpkgs.lib.nixosSystem {
      services.caddy.enable = true;
      services.grafana.enable = true;
      services.openssh.enable = true;
      services.prometheus.enable = true;
      services.gitea.enable = true;
      services.vaultwarden.enable = true;
--- a/hosts/swan/default.nix
+++ b/hosts/swan/default.nix
@ -56,6 +56,7 @@ inputs.nixpkgs.lib.nixosSystem {
      services.jellyfin.enable = true;
      services.nextcloud.enable = true;
      services.calibre-web.enable = true;
      services.openssh.enable = true;
      services.prometheus.enable = true;
      services.samba.enable = true;
--- a/hosts/tempest/default.nix
+++ b/hosts/tempest/default.nix
@ -92,6 +92,7 @@ inputs.nixpkgs.lib.nixosSystem {
        ryujinx.enable = true;
      };
      services.openssh.enable = true; # Required for Cloudflare tunnel
      cloudflareTunnel = {
        enable = true;
        id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
--- a/modules/nixos/services/sshd.nix
+++ b/modules/nixos/services/sshd.nix
@ -13,9 +13,8 @@
    };
  };
-  config = lib.mkIf (config.publicKey != null) {
+  config = lib.mkIf config.services.openssh.enable {
    services.openssh = {
      enable = true;
      ports = [ 22 ];
      allowSFTP = true;
      settings = {
@ -27,7 +26,7 @@
    };
    users.users.${config.user}.openssh.authorizedKeys.keys =
-      [ config.publicKey ];
+      lib.mkIf (config.publicKey != null) [ config.publicKey ];
    # Implement a simple fail2ban service for sshd
    services.sshguard.enable = true;