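# NixOS module: key-only OpenSSH server with optional mosh support.
#
# Options (under modules.services.ssh):
#   enable            - run sshd with the settings below and open its port
#   enableMoshSupport - additionally enable mosh and open its UDP port range
{ options, config, lib, pkgs, ... }:

with lib;
let
  cfg = config.modules.services.ssh;

  # One definition shared by the listener and the firewall rule, so the two
  # cannot drift apart when the port is changed.
  sshPort = 22;

  # Port range this module opens for mosh sessions.
  moshUdpPorts = { from = 60000; to = 61000; };
in {
  options.modules.services.ssh = {
    # mkEnableOption already prefixes the text with "Whether to enable ", so
    # the description must not start with "enable" itself.
    enable = mkEnableOption "ssh. you know what ssh is";
    enableMoshSupport = mkEnableOption "mosh, a roaming, UDP-based ssh implementation";
  };

  config = mkIf cfg.enable (mkMerge [
    {
      services.openssh = {
        enable = true;
        ports = [ sshPort ];
        settings = {
          # Disables the `password` authentication method.
          # NOTE(review): keyboard-interactive (PAM) logins are governed by the
          # separate KbdInteractiveAuthentication setting - confirm that one is
          # off as well if no password-style login should be possible.
          PasswordAuthentication = false;
          AllowUsers = null; # Allows all users by default, can be [ "user1" "user2" ]
          # sshd resolves every client address to a host name. That is only
          # needed for host-name based rules (`from=` in authorized_keys,
          # `Match Host`) and makes each login depend on DNS.
          # NOTE(review): confirm this is wanted; otherwise set it to false.
          UseDns = true;
          PermitRootLogin = "no"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
        };
      };

      # sshd listens on TCP only, so no UDP rule is opened for the SSH port:
      # an open UDP port with no service behind it is needless exposure.
      networking.firewall.allowedTCPPorts = [ sshPort ];
    }
    (mkIf cfg.enableMoshSupport {
      programs.mosh.enable = true;

      # mosh logs in over the normal SSH port and then carries the session
      # over UDP, so only the UDP range is opened. The matching TCP range is
      # not used by mosh and stays closed.
      networking.firewall.allowedUDPPortRanges = [ moshUdpPorts ];
    })
  ]);
}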