author | Azat Bahawi <azat@bahawi.net> | 2022-12-17 20:35:36 +0300 |
---|---|---|
committer | Azat Bahawi <azat@bahawi.net> | 2022-12-17 20:35:36 +0300 |
commit | 313e18cb6119d4b03580d8d34fbec0c78bca872c (patch) | |
tree | 7d3f9583af9422c80fe20ae1dd1747e6b2c9b9a5 /modules/nixos | |
parent | 2022-12-17 (diff) |
2022-12-17
Diffstat (limited to 'modules/nixos')
-rw-r--r-- | modules/nixos/openssh.nix | 21 | ||||
-rw-r--r-- | modules/nixos/profiles/headful.nix | 1 |
2 files changed, 13 insertions, 9 deletions
diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix
index 00d2852..36b85f8 100644
--- a/modules/nixos/openssh.nix
+++ b/modules/nixos/openssh.nix
@@ -7,27 +7,32 @@
 with lib; let
 cfg = config.nixfiles.modules.openssh;
 in {
- options.nixfiles.modules.openssh.server.enable =
- mkEnableOption "OpenSSH server";
+ options.nixfiles.modules.openssh.server = {
+ enable = mkEnableOption "OpenSSH server";
+
+ port = mkOption {
+ description = "OpenSSH server port.";
+ type = types.port;
+ default = 22022; # Port 22 should be occupied by a tarpit.
+ };
+ };
 config = mkIf cfg.server.enable {
 programs.mosh.enable = true;
- services = let
- port = 22022; # Port 22 should be occupied by a tarpit.
- in {
+ services = {
 openssh = {
 enable = true;
- ports = [port];
+ ports = [cfg.server.port];
 logLevel = "VERBOSE"; # Required by fail2ban.
- permitRootLogin = "no";
+ permitRootLogin = mkForce "no";
 passwordAuthentication = false;
 };
 fail2ban.jails.sshd = ''
 enabled = true
 mode = aggressive
- port = ${toString port}
+ port = ${toString cfg.server.port}
 '';
 };
 };
diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix
index 01c442e..d15f004 100644
--- a/modules/nixos/profiles/headful.nix
+++ b/modules/nixos/profiles/headful.nix
@@ -68,7 +68,6 @@ in {
 programs = {
 iftop.enable = true;
 mtr.enable = true;
- traceroute.enable = true;
 };
 services = { |
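Review bot: The new `port` option in modules/nixos/openssh.nix accepts any `types.port` value, including 22, while the comment on its default says port 22 should be occupied by a tarpit, so a host that overrides the port can put sshd on the port the tarpit is expected to hold. The constraint should be stated where users see it and enforced at evaluation time, e.g. `description = "OpenSSH server port. Port 22 is expected to be held by a tarpit.";` and, inside `config = mkIf cfg.server.enable { … }`, `assertions = [{ assertion = cfg.server.port != 22; message = "Port 22 is reserved for the tarpit."; }];`. The tarpit module is not visible in this diff, so if it is optional the assertion should be conditioned on that module's enable flag. Separately, `permitRootLogin = mkForce "no";` overrides whatever any other module sets without saying why; a one-line comment naming the definition it has to win against would make the hardening intent clear to the next reader.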