rework weird ssh module
parent
49c456f506
commit
65ced5335c
3 changed files with 25 additions and 41 deletions
|
@ -34,16 +34,12 @@ in {
|
|||
|
||||
modules = {
|
||||
services = {
|
||||
ssh = {
|
||||
enable = true;
|
||||
requirePassword = false;
|
||||
};
|
||||
ssh.enable = true;
|
||||
ssh.enableMoshSupport = true;
|
||||
|
||||
postgres.enable = true;
|
||||
|
||||
redis.enable = true;
|
||||
|
||||
mosh.enable = true;
|
||||
};
|
||||
|
||||
security.useDoas = true;
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
{ config, lib, pkgs, options, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.services.mosh;
|
||||
in {
|
||||
options.modules.services.mosh = {
|
||||
enable = mkEnableOption "enable mosh, the mobile SSH shell";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
programs.mosh = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -5,27 +5,31 @@ let
|
|||
cfg = config.modules.services.ssh;
|
||||
in {
|
||||
options.modules.services.ssh = {
|
||||
enable = mkEnableOption "enable openssh, a server for remote shell access";
|
||||
|
||||
requirePassword = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
};
|
||||
enable = mkEnableOption "enable ssh. you know what ssh is";
|
||||
enableMoshSupport = mkEnableOption "enable mosh, a roaming, UDP-based ssh implementation";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = mkIf cfg.enable (mkMerge [
|
||||
{
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
|
||||
ports = [ 22 ];
|
||||
settings = {
|
||||
PasswordAuthentication = cfg.requirePassword;
|
||||
PermitRootLogin = "no";
|
||||
PasswordAuthentication = false;
|
||||
AllowUsers = null; # Allows all users by default, can be [ "user1" "user2" ]
|
||||
UseDns = true;
|
||||
PermitRootLogin = "no"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
|
||||
};
|
||||
};
|
||||
|
||||
programs.gnupg.agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = true;
|
||||
};
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||
networking.firewall.allowedUDPPorts = [ 22 ];
|
||||
}
|
||||
(mkIf cfg.enableMoshSupport {
|
||||
programs.mosh.enable = true;
|
||||
|
||||
networking.firewall.allowedTCPPortRanges = [ { from = 60000; to = 61000; } ];
|
||||
networking.firewall.allowedUDPPortRanges = [ { from = 60000; to = 61000; } ];
|
||||
})
|
||||
]);
|
||||
}
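Review bot: The firewall rules in the new `mkMerge` block (they read as added lines, though the page has lost its +/- markers) open more than sshd and mosh use. `networking.firewall.allowedUDPPorts = [ 22 ];` exposes UDP 22 although OpenSSH listens on TCP only, and `networking.firewall.allowedTCPPortRanges = [ { from = 60000; to = 61000; } ];` opens about a thousand TCP ports although mosh sessions run over UDP. I would drop both lines and keep only `allowedTCPPorts = [ 22 ]` and the UDP range, so that nothing else on the host that happens to bind in 60000-61000/tcp becomes reachable from outside. In nixpkgs, `services.openssh` and `programs.mosh` usually open their own ports already, so the two remaining rules may be redundant; check this against the nixpkgs revision in use. With `requirePassword` removed and `PasswordAuthentication = false` hard-coded, a comment such as `# key-only login; password auth is intentionally not configurable` would record that the stricter setting is deliberate.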
|
||||
|
|