about summary refs log tree commit diff
path: root/modules/nixos/openssh.nix
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--modules/nixos/openssh.nix34
1 files changed, 34 insertions, 0 deletions
diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix
new file mode 100644
index 0000000..00d2852
--- /dev/null
+++ b/modules/nixos/openssh.nix
@@ -0,0 +1,34 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.nixfiles.modules.openssh;
+in {
+  options.nixfiles.modules.openssh.server.enable =
+    mkEnableOption "OpenSSH server";
+
+  config = mkIf cfg.server.enable {
+    programs.mosh.enable = true;
+
+    services = let
+      port = 22022; # Port 22 should be occupied by a tarpit.
+    in {
+      openssh = {
+        enable = true;
+        ports = [port];
+        logLevel = "VERBOSE"; # Required by fail2ban.
+        permitRootLogin = "no";
+        passwordAuthentication = false;
+      };
+
+      fail2ban.jails.sshd = ''
+        enabled = true
+        mode = aggressive
+        port = ${toString port}
+      '';
+    };
+  };
+}

Consider giving Nix/NixOS a try! <3