From 313e18cb6119d4b03580d8d34fbec0c78bca872c Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Sat, 17 Dec 2022 20:35:36 +0300 Subject: 2022-12-17 --- modules/nixos/openssh.nix | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) (limited to 'modules/nixos/openssh.nix') diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix index 00d2852..36b85f8 100644 --- a/modules/nixos/openssh.nix +++ b/modules/nixos/openssh.nix @@ -7,27 +7,32 @@ with lib; let cfg = config.nixfiles.modules.openssh; in { - options.nixfiles.modules.openssh.server.enable = - mkEnableOption "OpenSSH server"; + options.nixfiles.modules.openssh.server = { + enable = mkEnableOption "OpenSSH server"; + + port = mkOption { + description = "OpenSSH server port."; + type = types.port; + default = 22022; # Port 22 should be occupied by a tarpit. + }; + }; config = mkIf cfg.server.enable { programs.mosh.enable = true; - services = let - port = 22022; # Port 22 should be occupied by a tarpit. - in { + services = { openssh = { enable = true; - ports = [port]; + ports = [cfg.server.port]; logLevel = "VERBOSE"; # Required by fail2ban. - permitRootLogin = "no"; + permitRootLogin = mkForce "no"; passwordAuthentication = false; }; fail2ban.jails.sshd = '' enabled = true mode = aggressive - port = ${toString port} + port = ${toString cfg.server.port} ''; }; }; -- cgit 1.4.1
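Review bot: In the `services.openssh` block, `passwordAuthentication = false;` is the only line that turns off password logins, and keyboard-interactive authentication is not set, so it stays at the NixOS module default and a PAM-backed password prompt may still be reachable through that method. Adding `kbdInteractiveAuthentication = false;` next to it would close that path, provided nothing on these hosts relies on keyboard-interactive (for example an OTP PAM module). The change also wraps `permitRootLogin` in `mkForce` but leaves `passwordAuthentication` at normal priority; if the intent is that no other module can relax this configuration, `passwordAuthentication = mkForce false;` would make the two consistent. Since the new `port` option accepts any value, the comment `# Port 22 should be occupied by a tarpit.` could be moved into the option's `description`, so that someone overriding the port sees the constraint. The module's function header lies outside the hunk, so anything set elsewhere in the file is not visible here.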