From 313e18cb6119d4b03580d8d34fbec0c78bca872c Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Sat, 17 Dec 2022 20:35:36 +0300 Subject: 2022-12-17 --- modules/nixos/openssh.nix | 21 +++++++++++++-------- modules/nixos/profiles/headful.nix | 1 - 2 files changed, 13 insertions(+), 9 deletions(-) (limited to 'modules/nixos') diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix index 00d2852..36b85f8 100644 --- a/modules/nixos/openssh.nix +++ b/modules/nixos/openssh.nix @@ -7,27 +7,32 @@ with lib; let cfg = config.nixfiles.modules.openssh; in { - options.nixfiles.modules.openssh.server.enable = - mkEnableOption "OpenSSH server"; + options.nixfiles.modules.openssh.server = { + enable = mkEnableOption "OpenSSH server"; + + port = mkOption { + description = "OpenSSH server port."; + type = types.port; + default = 22022; # Port 22 should be occupied by a tarpit. + }; + }; config = mkIf cfg.server.enable { programs.mosh.enable = true; - services = let - port = 22022; # Port 22 should be occupied by a tarpit. - in { + services = { openssh = { enable = true; - ports = [port]; + ports = [cfg.server.port]; logLevel = "VERBOSE"; # Required by fail2ban. - permitRootLogin = "no"; + permitRootLogin = mkForce "no"; passwordAuthentication = false; }; fail2ban.jails.sshd = '' enabled = true mode = aggressive - port = ${toString port} + port = ${toString cfg.server.port} ''; }; }; diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix index 01c442e..d15f004 100644 --- a/modules/nixos/profiles/headful.nix +++ b/modules/nixos/profiles/headful.nix @@ -68,7 +68,6 @@ in { programs = { iftop.enable = true; mtr.enable = true; - traceroute.enable = true; }; services = { -- cgit v1.2.3
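Review bot: The new `port` option in modules/nixos/openssh.nix accepts any `types.port` value, including 22, while the comment on its default says port 22 is meant to be held by a tarpit; that constraint is only visible to someone reading the source, not to a user of the option. I would move it into the description, e.g. `description = "Port sshd listens on; the fail2ban sshd jail uses the same value. Port 22 is expected to be held by a tarpit.";`, and, if the tarpit is configured by another module in this repository (not visible here), consider an assertion that the two ports differ. `permitRootLogin = mkForce "no";` now takes precedence over any normal-priority definition elsewhere, so if the intent is that no host can re-enable root login, a short comment such as `# mkForce: root login stays off regardless of host-level settings.` would make that explicit. The module's opening lines lie outside the hunk, so whether `services.fail2ban.enable` is set elsewhere (without it the `sshd` jail does nothing) cannot be checked from here.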