Diffstat (limited to 'modules/nixos/openssh.nix')
-rw-r--r--modules/nixos/openssh.nix21
1 files changed, 13 insertions, 8 deletions
diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix
index 00d2852..36b85f8 100644
--- a/modules/nixos/openssh.nix
+++ b/modules/nixos/openssh.nix
@@ -7,27 +7,32 @@
with lib; let
cfg = config.nixfiles.modules.openssh;
in {
- options.nixfiles.modules.openssh.server.enable =
- mkEnableOption "OpenSSH server";
+ options.nixfiles.modules.openssh.server = {
+ enable = mkEnableOption "OpenSSH server";
+
+ port = mkOption {
+ description = "OpenSSH server port.";
+ type = types.port;
+ default = 22022; # Port 22 should be occupied by a tarpit.
+ };
+ };
config = mkIf cfg.server.enable {
programs.mosh.enable = true;
- services = let
- port = 22022; # Port 22 should be occupied by a tarpit.
- in {
+ services = {
openssh = {
enable = true;
- ports = [port];
+ ports = [cfg.server.port];
logLevel = "VERBOSE"; # Required by fail2ban.
- permitRootLogin = "no";
+ permitRootLogin = mkForce "no";
passwordAuthentication = false;
};
fail2ban.jails.sshd = ''
enabled = true
mode = aggressive
- port = ${toString port}
+ port = ${toString cfg.server.port}
'';
};
};
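Review bot: The new `port` option accepts any value of `types.port`, including 22, although the trailing comment on its `default` line says port 22 is meant to be held by a tarpit. That constraint sits only in a source comment, so someone setting the option from a host configuration never sees it. I would move it into the option text, e.g. `description = "OpenSSH server port. Must not be 22, which is reserved for the tarpit.";`, and enforce it inside the `mkIf` body with `assertions = [{ assertion = cfg.server.port != 22; message = "openssh.server.port must not be 22 (reserved for the tarpit)"; }];`. The tarpit module is not visible in this hunk, so if it can be disabled the assertion should presumably be conditional on it being enabled. The module's argument header lies above the hunk.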