rework weird ssh module
parent
49c456f506
commit
629fe4a2df
3 changed files with 16 additions and 35 deletions
|
@ -34,16 +34,12 @@ in {
|
|||
|
||||
modules = {
|
||||
services = {
|
||||
ssh = {
|
||||
enable = true;
|
||||
requirePassword = false;
|
||||
};
|
||||
ssh.enable = true;
|
||||
ssh.enableMoshSupport = true;
|
||||
|
||||
postgres.enable = true;
|
||||
|
||||
redis.enable = true;
|
||||
|
||||
mosh.enable = true;
|
||||
};
|
||||
|
||||
security.useDoas = true;
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
{ config, lib, pkgs, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.services.mosh;
|
||||
in {
|
||||
options.modules.services.mosh = {
|
||||
enable = mkEnableOption "enable mosh, the mobile SSH shell";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
programs.mosh = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -5,12 +5,8 @@ let
|
|||
cfg = config.modules.services.ssh;
|
||||
in {
|
||||
options.modules.services.ssh = {
|
||||
enable = mkEnableOption "enable openssh, a server for remote shell access";
|
||||
|
||||
requirePassword = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
};
|
||||
enable = mkEnableOption "enable ssh. you know what ssh is";
|
||||
enableMoshSupport = mkEnableOption "enable mosh, a roaming, UDP-based ssh implementation";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
@ -18,14 +14,19 @@ in {
|
|||
enable = true;
|
||||
|
||||
settings = {
|
||||
PasswordAuthentication = cfg.requirePassword;
|
||||
PermitRootLogin = "no";
|
||||
PasswordAuthentication = false;
|
||||
AllowUsers = null; # Allows all users by default, can be [ "user1" "user2" ]
|
||||
UseDns = true;
|
||||
PermitRootLogin = "no"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
|
||||
};
|
||||
};
|
||||
|
||||
programs.gnupg.agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = true;
|
||||
};
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||
networking.firewall.allowedUDPPorts = [ 22 ];
|
||||
} // (mkIf cfg.enableMoshSupport {
|
||||
programs.mosh.enable = true;
|
||||
|
||||
networking.firewall.allowedTCPPortRanges = [ { from = 60000; to = 61000; } ];
|
||||
networking.firewall.allowedUDPPortRanges = [ { from = 60000; to = 61000; } ];
|
||||
});
|
||||
}
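Review bot: The `} // (mkIf cfg.enableMoshSupport { … })` that closes `config` does not merge the two conditional blocks. `mkIf` returns a wrapper attrset, so `//` replaces the first wrapper's condition and content with the second's; as the new side appears to read here (the +/- markers are lost), that drops the whole openssh configuration and applies the mosh block whenever `enableMoshSupport` is set, regardless of `cfg.enable`. Combining the two with `mkMerge` keeps both. Separately, the new firewall lines open more than these services use: SSH listens on TCP only, so `allowedUDPPorts = [ 22 ]` is unnecessary, and mosh carries its session over UDP, so the TCP range 60000–61000 can be dropped. The `services.openssh` block starts between the two hunks and is not fully visible.

```nix
config = mkMerge [
  (mkIf cfg.enable {
    # … unchanged: services.openssh settings, programs.gnupg.agent …
    networking.firewall.allowedTCPPorts = [ 22 ];
  })
  (mkIf (cfg.enable && cfg.enableMoshSupport) {
    programs.mosh.enable = true;
    networking.firewall.allowedUDPPortRanges = [ { from = 60000; to = 61000; } ];
  })
];
```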
|
||||
|
|