2024-12-06 18:04:47 +00:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
lib,
|
|
|
|
|
namespace,
|
|
|
|
|
...
|
|
|
|
|
}:
|
2024-05-21 00:52:57 +00:00
|
|
|
|
|
|
|
|
let
|
2024-12-06 18:04:47 +00:00
|
|
|
cfg = config.${namespace}.services.ssh;
|
2024-05-21 00:52:57 +00:00
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
options = {
|
2024-12-06 18:04:47 +00:00
|
|
|
${namespace}.services.ssh = {
|
2024-09-08 15:58:56 +00:00
|
|
|
enable = lib.mkEnableOption "Enables SSH server.";
|
2024-05-21 00:52:57 +00:00
|
|
|
ports = lib.mkOption {
|
2024-06-02 17:41:18 +00:00
|
|
|
default = [ 22 ];
|
2024-05-21 00:52:57 +00:00
|
|
|
type = lib.types.listOf lib.types.int;
|
|
|
|
|
description = "Ports for SSH to listen on.";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
|
|
|
services.openssh = {
|
|
|
|
|
enable = true;
|
|
|
|
|
ports = cfg.ports;
|
|
|
|
|
|
|
|
|
|
settings = {
|
|
|
|
|
# require public key authentication and disable root logins
|
|
|
|
|
PasswordAuthentication = false;
|
|
|
|
|
KbdInteractiveAuthentication = false;
|
|
|
|
|
PubkeyAuthentication = true;
|
|
|
|
|
PermitRootLogin = "no";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
