---
Function {
 argument: None,
 arguments: FunctionArguments {
  arguments: [
   FunctionArgument {
    identifier: "lib",
    default: None,
   },
   FunctionArgument {
    identifier: "config",
    default: None,
   },
  ],
  ellipsis: true,
 },
 definition: With {
  expression: Variable {
   identifier: "lib",
   position: (3, 6),
  },
  target: LetIn {
   bindings: [
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "cfg",
        position: (4, 5),
       },
      ],
     },
     PropertyAccess {
      expression: Variable {
       identifier: "config",
       position: (4, 11),
      },
      attribute_path: AttributePath {
       attributes: [
        Raw {
         content: "nix",
         position: (4, 18),
        },
        Raw {
         content: "sshServe",
         position: (4, 22),
        },
       ],
      },
      default: None,
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "command",
        position: (5, 5),
       },
      ],
     },
     IfThenElse {
      predicate: BinaryOperation {
       operator: EqualTo,
       operands: [
        PropertyAccess {
         expression: Variable {
          identifier: "cfg",
          position: (6, 10),
         },
         attribute_path: AttributePath {
          attributes: [
           Raw {
            content: "protocol",
            position: (6, 14),
           },
          ],
         },
         default: None,
        },
        String {
         parts: [
          Raw {
           content: "ssh",
           position: (6, 27),
          },
         ],
        },
       ],
       position: (6, 23),
      },
      then: String {
       parts: [
        Raw {
         content: "nix-store --serve ",
         position: (7, 15),
        },
        Expression {
         expression: FunctionApplication {
          function: PropertyAccess {
           expression: Variable {
            identifier: "lib",
            position: (7, 35),
           },
           attribute_path: AttributePath {
            attributes: [
             Raw {
              content: "optionalString",
              position: (7, 39),
             },
            ],
           },
           default: None,
          },
          arguments: [
           PropertyAccess {
            expression: Variable {
             identifier: "cfg",
             position: (7, 54),
            },
            attribute_path: AttributePath {
             attributes: [
              Raw {
               content: "write",
               position: (7, 58),
              },
             ],
            },
            default: None,
           },
           String {
            parts: [
             Raw {
              content: "--write",
              position: (7, 65),
             },
            ],
           },
          ],
         },
        },
       ],
      },
      else_: String {
       parts: [
        Raw {
         content: "nix-daemon --stdio",
         position: (8, 13),
        },
       ],
      },
      position: (6, 7),
     },
    ),
   ],
   target: Map {
    bindings: [
     KeyValue(
      AttributePath {
       attributes: [
        Raw {
         content: "options",
         position: (10, 3),
        },
       ],
      },
      Map {
       bindings: [
        KeyValue(
         AttributePath {
          attributes: [
           Raw {
            content: "nix",
            position: (12, 5),
           },
           Raw {
            content: "sshServe",
            position: (12, 9),
           },
          ],
         },
         Map {
          bindings: [
           KeyValue(
            AttributePath {
             attributes: [
              Raw {
               content: "enable",
               position: (14, 7),
              },
             ],
            },
            FunctionApplication {
             function: Variable {
              identifier: "mkOption",
              position: (14, 16),
             },
             arguments: [
              Map {
               bindings: [
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "type",
                    position: (15, 9),
                   },
                  ],
                 },
                 PropertyAccess {
                  expression: Variable {
                   identifier: "types",
                   position: (15, 16),
                  },
                  attribute_path: AttributePath {
                   attributes: [
                    Raw {
                     content: "bool",
                     position: (15, 22),
                    },
                   ],
                  },
                  default: None,
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "default",
                    position: (16, 9),
                   },
                  ],
                 },
                 Variable {
                  identifier: "false",
                  position: (16, 19),
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "description",
                    position: (17, 9),
                   },
                  ],
                 },
                 String {
                  parts: [
                   Raw {
                    content: "Whether to enable serving the Nix store as a remote store via SSH.",
                    position: (17, 24),
                   },
                  ],
                 },
                ),
               ],
               recursive: false,
               position: (14, 25),
              },
             ],
            },
           ),
           KeyValue(
            AttributePath {
             attributes: [
              Raw {
               content: "write",
               position: (20, 7),
              },
             ],
            },
            FunctionApplication {
             function: Variable {
              identifier: "mkOption",
              position: (20, 15),
             },
             arguments: [
              Map {
               bindings: [
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "type",
                    position: (21, 9),
                   },
                  ],
                 },
                 PropertyAccess {
                  expression: Variable {
                   identifier: "types",
                   position: (21, 16),
                  },
                  attribute_path: AttributePath {
                   attributes: [
                    Raw {
                     content: "bool",
                     position: (21, 22),
                    },
                   ],
                  },
                  default: None,
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "default",
                    position: (22, 9),
                   },
                  ],
                 },
                 Variable {
                  identifier: "false",
                  position: (22, 19),
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "description",
                    position: (23, 9),
                   },
                  ],
                 },
                 String {
                  parts: [
                   Raw {
                    content: "Whether to enable writing to the Nix store as a remote store via SSH. Note: the sshServe user is named nix-ssh and is not a trusted-user. nix-ssh should be added to the <option>nix.settings.trusted-users</option> option in most use cases, such as allowing remote building of derivations.",
                    position: (23, 24),
                   },
                  ],
                 },
                ),
               ],
               recursive: false,
               position: (20, 24),
              },
             ],
            },
           ),
           KeyValue(
            AttributePath {
             attributes: [
              Raw {
               content: "keys",
               position: (26, 7),
              },
             ],
            },
            FunctionApplication {
             function: Variable {
              identifier: "mkOption",
              position: (26, 14),
             },
             arguments: [
              Map {
               bindings: [
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "type",
                    position: (27, 9),
                   },
                  ],
                 },
                 FunctionApplication {
                  function: PropertyAccess {
                   expression: Variable {
                    identifier: "types",
                    position: (27, 16),
                   },
                   attribute_path: AttributePath {
                    attributes: [
                     Raw {
                      content: "listOf",
                      position: (27, 22),
                     },
                    ],
                   },
                   default: None,
                  },
                  arguments: [
                   PropertyAccess {
                    expression: Variable {
                     identifier: "types",
                     position: (27, 29),
                    },
                    attribute_path: AttributePath {
                     attributes: [
                      Raw {
                       content: "str",
                       position: (27, 35),
                      },
                     ],
                    },
                    default: None,
                   },
                  ],
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "default",
                    position: (28, 9),
                   },
                  ],
                 },
                 List {
                  elements: [],
                  position: (28, 19),
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "example",
                    position: (29, 9),
                   },
                  ],
                 },
                 List {
                  elements: [
                   String {
                    parts: [
                     Raw {
                      content: "ssh-dss AAAAB3NzaC1k... alice@example.org",
                      position: (29, 22),
                     },
                    ],
                   },
                  ],
                  position: (29, 19),
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "description",
                    position: (30, 9),
                   },
                  ],
                 },
                 String {
                  parts: [
                   Raw {
                    content: "A list of SSH public keys allowed to access the binary cache via SSH.",
                    position: (30, 24),
                   },
                  ],
                 },
                ),
               ],
               recursive: false,
               position: (26, 23),
              },
             ],
            },
           ),
           KeyValue(
            AttributePath {
             attributes: [
              Raw {
               content: "protocol",
               position: (33, 7),
              },
             ],
            },
            FunctionApplication {
             function: Variable {
              identifier: "mkOption",
              position: (33, 18),
             },
             arguments: [
              Map {
               bindings: [
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "type",
                    position: (34, 9),
                   },
                  ],
                 },
                 FunctionApplication {
                  function: PropertyAccess {
                   expression: Variable {
                    identifier: "types",
                    position: (34, 16),
                   },
                   attribute_path: AttributePath {
                    attributes: [
                     Raw {
                      content: "enum",
                      position: (34, 22),
                     },
                    ],
                   },
                   default: None,
                  },
                  arguments: [
                   List {
                    elements: [
                     String {
                      parts: [
                       Raw {
                        content: "ssh",
                        position: (34, 30),
                       },
                      ],
                     },
                     String {
                      parts: [
                       Raw {
                        content: "ssh-ng",
                        position: (34, 36),
                       },
                      ],
                     },
                    ],
                    position: (34, 27),
                   },
                  ],
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "default",
                    position: (35, 9),
                   },
                  ],
                 },
                 String {
                  parts: [
                   Raw {
                    content: "ssh",
                    position: (35, 20),
                   },
                  ],
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "description",
                    position: (36, 9),
                   },
                  ],
                 },
                 String {
                  parts: [
                   Raw {
                    content: "The specific Nix-over-SSH protocol to use.",
                    position: (36, 24),
                   },
                  ],
                 },
                ),
               ],
               recursive: false,
               position: (33, 27),
              },
             ],
            },
           ),
          ],
          recursive: false,
          position: (12, 20),
         },
        ),
       ],
       recursive: false,
       position: (10, 13),
      },
     ),
     KeyValue(
      AttributePath {
       attributes: [
        Raw {
         content: "config",
         position: (43, 3),
        },
       ],
      },
      FunctionApplication {
       function: Variable {
        identifier: "mkIf",
        position: (43, 12),
       },
       arguments: [
        PropertyAccess {
         expression: Variable {
          identifier: "cfg",
          position: (43, 17),
         },
         attribute_path: AttributePath {
          attributes: [
           Raw {
            content: "enable",
            position: (43, 21),
           },
          ],
         },
         default: None,
        },
        Map {
         bindings: [
          KeyValue(
           AttributePath {
            attributes: [
             Raw {
              content: "users",
              position: (45, 5),
             },
             Raw {
              content: "users",
              position: (45, 11),
             },
             Raw {
              content: "nix-ssh",
              position: (45, 17),
             },
            ],
           },
           Map {
            bindings: [
             KeyValue(
              AttributePath {
               attributes: [
                Raw {
                 content: "description",
                 position: (46, 7),
                },
               ],
              },
              String {
               parts: [
                Raw {
                 content: "Nix SSH store user",
                 position: (46, 22),
                },
               ],
              },
             ),
             KeyValue(
              AttributePath {
               attributes: [
                Raw {
                 content: "isSystemUser",
                 position: (47, 7),
                },
               ],
              },
              Variable {
               identifier: "true",
               position: (47, 22),
              },
             ),
             KeyValue(
              AttributePath {
               attributes: [
                Raw {
                 content: "group",
                 position: (48, 7),
                },
               ],
              },
              String {
               parts: [
                Raw {
                 content: "nix-ssh",
                 position: (48, 16),
                },
               ],
              },
             ),
             KeyValue(
              AttributePath {
               attributes: [
                Raw {
                 content: "useDefaultShell",
                 position: (49, 7),
                },
               ],
              },
              Variable {
               identifier: "true",
               position: (49, 25),
              },
             ),
            ],
            recursive: false,
            position: (45, 27),
           },
          ),
          KeyValue(
           AttributePath {
            attributes: [
             Raw {
              content: "users",
              position: (51, 5),
             },
             Raw {
              content: "groups",
              position: (51, 11),
             },
             Raw {
              content: "nix-ssh",
              position: (51, 18),
             },
            ],
           },
           Map {
            bindings: [],
            recursive: false,
            position: (51, 28),
           },
          ),
          KeyValue(
           AttributePath {
            attributes: [
             Raw {
              content: "services",
              position: (53, 5),
             },
             Raw {
              content: "openssh",
              position: (53, 14),
             },
             Raw {
              content: "enable",
              position: (53, 22),
             },
            ],
           },
           Variable {
            identifier: "true",
            position: (53, 31),
           },
          ),
          KeyValue(
           AttributePath {
            attributes: [
             Raw {
              content: "services",
              position: (55, 5),
             },
             Raw {
              content: "openssh",
              position: (55, 14),
             },
             Raw {
              content: "extraConfig",
              position: (55, 22),
             },
            ],
           },
           String {
            parts: [
             Raw {
              content: "Match User nix-ssh\n  AllowAgentForwarding no\n  AllowTcpForwarding no\n  PermitTTY no\n  PermitTunnel no\n  X11Forwarding no\n  ForceCommand ",
              position: (56, 1),
             },
             Expression {
              expression: PropertyAccess {
               expression: Variable {
                identifier: "config",
                position: (62, 24),
               },
               attribute_path: AttributePath {
                attributes: [
                 Raw {
                  content: "nix",
                  position: (62, 31),
                 },
                 Raw {
                  content: "package",
                  position: (62, 35),
                 },
                 Raw {
                  content: "out",
                  position: (62, 43),
                 },
                ],
               },
               default: None,
              },
             },
             Raw {
              content: "/bin/",
              position: (62, 47),
             },
             Expression {
              expression: Variable {
               identifier: "command",
               position: (62, 54),
              },
             },
             Raw {
              content: "\nMatch All\n",
              position: (62, 62),
             },
            ],
           },
          ),
          KeyValue(
           AttributePath {
            attributes: [
             Raw {
              content: "users",
              position: (66, 5),
             },
             Raw {
              content: "users",
              position: (66, 11),
             },
             Raw {
              content: "nix-ssh",
              position: (66, 17),
             },
             Raw {
              content: "openssh",
              position: (66, 25),
             },
             Raw {
              content: "authorizedKeys",
              position: (66, 33),
             },
             Raw {
              content: "keys",
              position: (66, 48),
             },
            ],
           },
           PropertyAccess {
            expression: Variable {
             identifier: "cfg",
             position: (66, 55),
            },
            attribute_path: AttributePath {
             attributes: [
              Raw {
               content: "keys",
               position: (66, 59),
              },
             ],
            },
            default: None,
           },
          ),
         ],
         recursive: false,
         position: (43, 28),
        },
       ],
      },
     ),
    ],
    recursive: false,
    position: (9, 4),
   },
   position: (4, 1),
  },
  position: (3, 1),
 },
 position: (1, 1),
}