1 files changed, 52 insertions, 0 deletions

diff --git a/modules/nixfiles/openssh.nix b/modules/nixfiles/openssh.nix
new file mode 100644
index 0000000..2f1559e
--- /dev/null
+++ b/modules/nixfiles/openssh.nix
@@ -0,0 +1,52 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.nixfiles.modules.openssh;
+in {
+  options.nixfiles.modules.openssh = {
+    client.enable = mkEnableOption "Whether to enable OpenSSH client.";
+    server.enable = mkEnableOption "Whether to enable OpenSSH server.";
+  };
+
+  config = mkMerge [
+    (mkIf cfg.client.enable {
+      hm = {
+        home.packages = with pkgs; [mosh sshfs];
+
+        programs.ssh = {
+          enable = true;
+          controlMaster = "auto";
+          controlPersist = "24H";
+          hashKnownHosts = true;
+          serverAliveCountMax = 30;
+          serverAliveInterval = 60;
+        };
+      };
+    })
+    (mkIf cfg.server.enable {
+      programs.mosh.enable = true;
+
+      services = let
+        port = 22022;
+      in {
+        openssh = {
+          enable = true;
+          ports = [port];
+          logLevel = "VERBOSE";
+          permitRootLogin = "no";
+          passwordAuthentication = false;
+        };
+
+        fail2ban.jails.sshd = ''
+          enabled = true
+          mode = aggressive
+          port = ${toString port}
+        '';
+      };
+    })
+  ];
+}