{ config, lib, pkgs, ... }: let cfg = config.vhack.rust-motd; # List all users that can login pred = n: v: ( false # <- just here for neat formatting || v.initialHashedPassword != null || v.initialPassword != null || v.hashedPassword != null || v.hashedPasswordFile != null || v.password != null || v.passwordFile != null || v.openssh.authorizedKeys.keys != [] || v.openssh.authorizedKeys.keyFiles != [] ); userList = builtins.mapAttrs (n: v: 2) (lib.filterAttrs pred config.users.users); in { options.vhack.rust-motd = { enable = lib.mkEnableOption "rust-motd"; }; config = lib.mkIf cfg.enable { systemd.services.rust-motd = { path = with pkgs; [ bash fail2ban # Needed for rust-motd fail2ban integration ]; }; programs.rust-motd = { enable = true; enableMotdInSSHD = true; refreshInterval = "*:0/5"; # 0/5 means: hour 0 AND all hour wich match (0 + 5 * x) (is the same as: 0, 5, 10, 15, 20) # An example is here: https://raw.githubusercontent.com/rust-motd/rust-motd/refs/heads/main/example_config.toml settings = { global = { progress_full_character = "="; progress_empty_character = "-"; progress_prefix = "["; progress_suffix = "]"; time_format = "%Y-%m-%d %H:%M:%S"; }; banner = { color = "red"; command = "${pkgs.hostname}/bin/hostname | ${pkgs.figlet}/bin/figlet -f slant"; # if you don't want a dependency on figlet, you can generate your # banner however you want, put it in a file, and then use something like: # command = "cat banner.txt" }; uptime = { prefix = "Uptime:"; }; # ssl_certificates = { # sort_method = "manual"; # # certs = { # "server1.vhack.eu" = "/var/lib/acme/server1.vhack.eu/cert.pem"; # "vhack.eu" = "/var/lib/acme/vhack.eu/cert.pem"; # }; # }; filesystems = { root = "/"; persistent = "/srv"; store = "/nix"; boot = "/boot"; }; memory = { swap_pos = "beside"; # or "below" or "none" }; fail2_ban = { jails = ["sshd"]; #, "anotherjail"] }; last_login = userList; last_run = {}; }; }; }; }