Diffstat (limited to '')
-rw-r--r--modules/nixos/openssh.nix21
1 files changed, 13 insertions, 8 deletions
diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix
index 00d2852..36b85f8 100644
--- a/modules/nixos/openssh.nix
+++ b/modules/nixos/openssh.nix
@@ -7,27 +7,32 @@
 with lib; let
   cfg = config.nixfiles.modules.openssh;
 in {
-  options.nixfiles.modules.openssh.server.enable =
-    mkEnableOption "OpenSSH server";
+  options.nixfiles.modules.openssh.server = {
+    enable = mkEnableOption "OpenSSH server";
+
+    port = mkOption {
+      description = "OpenSSH server port.";
+      type = types.port;
+      default = 22022; # Port 22 should be occupied by a tarpit.
+    };
+  };
 
   config = mkIf cfg.server.enable {
     programs.mosh.enable = true;
 
-    services = let
-      port = 22022; # Port 22 should be occupied by a tarpit.
-    in {
+    services = {
       openssh = {
         enable = true;
-        ports = [port];
+        ports = [cfg.server.port];
         logLevel = "VERBOSE"; # Required by fail2ban.
-        permitRootLogin = "no";
+        permitRootLogin = mkForce "no";
         passwordAuthentication = false;
       };
 
       fail2ban.jails.sshd = ''
         enabled = true
         mode = aggressive
-        port = ${toString port}
+        port = ${toString cfg.server.port}
       '';
     };
   };
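Review bot: In the `openssh` block, `permitRootLogin` is now forced but the password lockdown still rests on `passwordAuthentication = false;` alone, which does not cover keyboard-interactive authentication. On a PAM-enabled sshd that path can still accept passwords, leaving the fail2ban jail as the only guard against guessing. I would add `kbdInteractiveAuthentication = false;` next to it (the option is called `challengeResponseAuthentication` on older NixOS releases); which release this targets is not visible here, so confirm the option name and its default. Since `mkForce` silently wins over any other definition, the new line also deserves a short comment naming what it overrides, e.g. `# mkForce: overrides the <profile/module> default`. Separately, `types.port` accepts 22 even though the comment reserves it for the tarpit; an assertion such as `cfg.server.port != 22` would catch that at evaluation time.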
