From bec08ef6e3b9d92f391a2940f6dbeffa50b17fa8 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Wed, 3 Dec 2025 15:15:32 +0000
Subject: [PATCH] programs/ssh: DRY address/port options

The end goal is to hoist the forwarded path assertion directly into this
module rather than the top-level.
---
 modules/programs/ssh.nix | 54 +++++++++++++++++++---------------------
 1 file changed, 26 insertions(+), 28 deletions(-)

diff --git a/modules/programs/ssh.nix b/modules/programs/ssh.nix
index 1da2034aa..7d0a06bb6 100644
--- a/modules/programs/ssh.nix
+++ b/modules/programs/ssh.nix
@@ -30,44 +30,42 @@ let
       mapAttrsToList (name: value: ''${name}="${lib.escape [ ''"'' "\\" ] (toString value)}"'') envStr
     );
 
-  bindOptions = {
-    address = mkOption {
-      type = types.str;
-      default = "localhost";
-      example = "example.org";
-      description = "The address where to bind the port.";
-    };
-
-    port = mkOption {
-      type = types.nullOr types.port;
-      default = null;
-      example = 8080;
-      description = "Specifies port number to bind on bind address.";
-    };
-  };
-
-  dynamicForwardModule = types.submodule { options = bindOptions; };
-
-  forwardModule = types.submodule {
-    options = {
-      bind = bindOptions;
-
-      host = {
+  mkAddressPortModule =
+    {
+      actionType,
+      nullableAddress ? actionType == "forward",
+    }:
+    types.submodule {
+      options = {
         address = mkOption {
-          type = types.nullOr types.str;
-          default = null;
+          type = if nullableAddress then types.nullOr types.str else types.str;
+          default = if nullableAddress then null else "localhost";
           example = "example.org";
-          description = "The address where to forward the traffic to.";
+          description = "The address to ${actionType} to.";
         };
 
         port = mkOption {
           type = types.nullOr types.port;
           default = null;
-          example = 80;
-          description = "Specifies port number to forward the traffic to.";
+          example = 8080;
+          description = "Specifies port number to ${actionType} to.";
         };
       };
     };
+
+  dynamicForwardModule = mkAddressPortModule { actionType = "bind"; };
+
+  forwardModule = types.submodule {
+    options = {
+      bind = mkOption {
+        type = mkAddressPortModule { actionType = "bind"; };
+        description = "Local port binding options";
+      };
+      host = mkOption {
+        type = mkAddressPortModule { actionType = "forward"; };
+        description = "Host port binding options";
+      };
+    };
   };
 
   matchBlockModule = types.submodule {