{ lib, config, ... }:
with lib;
{
# Option declarations for the `system` subtree, plus the hidden option that
# carries the document rendered from them.
options.system = {
  host-name = mkOption {
    description = "The hostname of the switch.";
    type = types.str;
  };

  # Root credentials.
  root-authentication.hashedPasswd = mkOption {
    # No default: every configuration has to set this explicitly.
    # NOTE(review): types.str accepts any string, so nothing here checks that
    # the value really is a password hash rather than a plaintext password.
    description = "Hashed password for root.";
    type = types.str;
  };
  root-authentication.ssh-keys = mkOption {
    # One public key per list entry; an empty list means no root keys.
    description = "ssh keys for root user.";
    type = types.listOf types.str;
    default = [ ];
  };

  # No default, so the root login policy is always an explicit choice.
  # NOTE(review): what each value permits is decided by whatever consumes the
  # rendered document, not by this file -- confirm before relying on it.
  services.ssh.root-login = mkOption {
    description = "Login policy to use for root.";
    type = types.enum [ "allow" "deny" "deny-password" ];
  };

  services.netconf.port = mkOption {
    description = "Port to use for netconf.";
    type = types.port;
    default = 830;
  };
};

# Output of this module: hidden from generated option documentation
# (visible = false) and defined only by the module itself (readOnly = true).
options.netconf.xmls.system = mkOption {
  type = types.str;
  readOnly = true;
  visible = false;
};
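# Renders the `system` document from the option values declared above.
#
# Values are interpolated verbatim, with no escaping or validation.
# NOTE(review): the option path suggests the consumer parses this as XML; if
# so, host-name and the comment field of each key reach it unescaped --
# confirm against the consumer.
# NOTE(review): the document contains the root password hash; confirm where
# consumers write it and who can read that location.
config.netconf.xmls.system =
  let
    # A public key line is "<type> <base64> [comment]". Lines with fewer than
    # three space-separated fields get the placeholder comment "foo@bar"
    # appended, so every rendered key carries a comment field.
    withComment =
      key:
      let
        fields = splitString " " key;
      in
      concatStringsSep " " (if length fields < 3 then fields ++ [ "foo@bar" ] else fields);

    ssh-keys = map withComment config.system.root-authentication.ssh-keys;

    # OpenSSH ECDSA public keys start with "ecdsa-sha2-<curve>". The previous
    # prefix "ssh-edsca " matches no real key, so ECDSA keys were silently
    # left out of the document.
    ecdsa = filter (hasPrefix "ecdsa-sha2-") ssh-keys;
    rsa = filter (hasPrefix "ssh-rsa ") ssh-keys;
    ed25519 = filter (hasPrefix "ssh-ed25519 ") ssh-keys;

    # Anything that is none of the three types above is not rendered. Report
    # it at evaluation time: a key the operator believes is installed but is
    # not shows up otherwise only as a failed root login.
    unsupported = subtractLists (ecdsa ++ rsa ++ ed25519) ssh-keys;
    unsupportedTypes = unique (map (key: head (splitString " " key)) unsupported);

    # Keys are grouped by type (ECDSA, RSA, Ed25519) and concatenated without
    # a separator, exactly as before.
    # NOTE(review): confirm the per-key framing the consumer expects.
    document = ''
      ${config.system.host-name}
      ${config.system.root-authentication.hashedPasswd}
      ${concatStrings (ecdsa ++ rsa ++ ed25519)}
      ${config.system.services.ssh.root-login}
      ${toString config.system.services.netconf.port}
    '';
  in
  if unsupported == [ ] then
    document
  else
    warn "system.root-authentication.ssh-keys: ignoring keys of unsupported type: ${concatStringsSep ", " unsupportedTypes}" document;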
}