82 lines
2.1 KiB
Nix
82 lines
2.1 KiB
Nix
{ lib, config, ... }:
|
|
let
|
|
inherit (lib)
|
|
mkOption
|
|
splitString
|
|
length
|
|
hasPrefix
|
|
filter
|
|
concatStringsSep
|
|
;
|
|
inherit (lib.types)
|
|
str
|
|
listOf
|
|
enum
|
|
port
|
|
;
|
|
in
|
|
{
|
|
options = {
|
|
system = {
|
|
host-name = mkOption {
|
|
type = str;
|
|
description = "The hostname of the switch.";
|
|
};
|
|
root-authentication = {
|
|
hashedPasswd = mkOption {
|
|
type = str;
|
|
description = "Hashed password for root.";
|
|
};
|
|
ssh-keys = mkOption {
|
|
type = listOf str;
|
|
description = "ssh keys for root user.";
|
|
default = [ ];
|
|
};
|
|
};
|
|
services = {
|
|
ssh.root-login = mkOption {
|
|
type = enum [
|
|
"allow"
|
|
"deny"
|
|
"deny-password"
|
|
];
|
|
description = "Login policy to use for root.";
|
|
};
|
|
netconf.port = mkOption {
|
|
type = port;
|
|
description = "Port to use for netconf.";
|
|
default = 830;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
config.netconf.xml.system =
|
|
let
|
|
ssh-keys1 = map (splitString " ") config.system.root-authentication.ssh-keys;
|
|
ssh-keys2 = map (key: if length key < 3 then key ++ [ "foo@bar" ] else key) ssh-keys1;
|
|
ssh-keys = map (concatStringsSep " ") ssh-keys2;
|
|
ssh-edsca = map (name: { inherit name; }) (filter (hasPrefix "ssh-edsca ") ssh-keys);
|
|
ssh-rsa = map (name: { inherit name; }) (filter (hasPrefix "ssh-rsa ") ssh-keys);
|
|
ssh-ed25519 = map (name: { inherit name; }) (filter (hasPrefix "ssh-ed25519 ") ssh-keys);
|
|
in
|
|
{
|
|
host-name = {
|
|
"@operation" = "replace";
|
|
"#text" = config.system.host-name;
|
|
};
|
|
root-authentication = {
|
|
"@operation" = "replace";
|
|
encrypted-password = config.system.root-authentication.hashedPasswd;
|
|
inherit ssh-edsca ssh-rsa ssh-ed25519;
|
|
};
|
|
services = {
|
|
"@operation" = "replace";
|
|
ssh.root-login = config.system.services.ssh.root-login;
|
|
netconf = {
|
|
ssh.port = config.system.services.netconf.port;
|
|
rfc-compliant = {};
|
|
yang-compliant = {};
|
|
};
|
|
};
|
|
};
|
|
}
|