rework weird ssh module
This commit is contained in:
parent
49c456f506
commit
65ced5335c
3 changed files with 25 additions and 41 deletions
@ -34,16 +34,12 @@ in {
modules = {
modules = {
services = {
services = {
ssh = {
ssh.enable = true;
enable = true;
ssh.enableMoshSupport = true;
requirePassword = false;
};
postgres.enable = true;
postgres.enable = true;
redis.enable = true;
redis.enable = true;
mosh.enable = true;
};
};
security.useDoas = true;
security.useDoas = true;
@ -1,16 +0,0 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.modules.services.mosh;
in {
options.modules.services.mosh = {
enable = mkEnableOption "enable mosh, the mobile SSH shell";
};
config = mkIf cfg.enable {
programs.mosh = {
enable = true;
};
};
}
@ -5,27 +5,31 @@ let
cfg = config.modules.services.ssh;
cfg = config.modules.services.ssh;
in {
in {
options.modules.services.ssh = {
options.modules.services.ssh = {
enable = mkEnableOption "enable openssh, a server for remote shell access";
enable = mkEnableOption "enable ssh. you know what ssh is";
enableMoshSupport = mkEnableOption "enable mosh, a roaming, UDP-based ssh implementation";
requirePassword = mkOption {
type = types.bool;
default = true;
};
};
};
config = mkIf cfg.enable {
config = mkIf cfg.enable (mkMerge [
{
services.openssh = {
services.openssh = {
enable = true;
enable = true;
ports = [ 22 ];
settings = {
settings = {
PasswordAuthentication = cfg.requirePassword;
PasswordAuthentication = false;
PermitRootLogin = "no";
AllowUsers = null; # Allows all users by default, can be [ "user1" "user2" ]
UseDns = true;
PermitRootLogin = "no"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
};
};
};
};
programs.gnupg.agent = {
networking.firewall.allowedTCPPorts = [ 22 ];
enable = true;
networking.firewall.allowedUDPPorts = [ 22 ];
enableSSHSupport = true;
}
};
(mkIf cfg.enableMoshSupport {
};
programs.mosh.enable = true;
networking.firewall.allowedTCPPortRanges = [ { from = 60000; to = 61000; } ];
networking.firewall.allowedUDPPortRanges = [ { from = 60000; to = 61000; } ];
})
]);
}
}
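Review bot: `UseDns = true;` in the new `services.openssh.settings` block makes sshd reverse-resolve (and forward re-check) every connecting address before authentication, which NixOS leaves off by default; it slows or stalls logins when DNS is unreachable and only matters for host-based authentication or hostname patterns in `from=` authorized_keys options, so unless one of those is in use it should read `UseDns = false;`, or carry a comment naming the reason it is on. The firewall lines are also wider than the services need: sshd only listens on TCP, so `networking.firewall.allowedUDPPorts = [ 22 ];` exposes a port nothing answers on, and mosh carries its session over UDP only, so the `allowedTCPPortRanges` 60000–61000 entry under `enableMoshSupport` can be dropped as well. If the NixOS release in use has `services.openssh.openFirewall` (default true), the manual `allowedTCPPorts = [ 22 ]` line is redundant, and `programs.mosh.openFirewall` opens the UDP range itself; worth checking before keeping the hand-written entries. The `programs.gnupg.agent` block with `enableSSHSupport = true` is removed here and not re-added in any of the three files, which may be intended but is not mentioned in the commit message; the module's `{ config, lib, ... }:` header and `with lib;` precede this hunk.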