28 lines
647 B
Nix
28 lines
647 B
Nix
{ config, lib, ... }:
|
|
let
|
|
inherit (lib) mkIf mkEnableOption mkOption;
|
|
inherit (lib.types) listOf int;
|
|
cfg = config.ataraxia.defaults.ssh;
|
|
in
|
|
{
|
|
options.ataraxia.defaults.ssh = {
|
|
enable = mkEnableOption "Root on zfs";
|
|
ports = mkOption {
|
|
type = listOf int;
|
|
default = [ 22 ];
|
|
description = "OpenSSH ports to listen";
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
services.openssh = {
|
|
enable = true;
|
|
settings.PasswordAuthentication = false;
|
|
settings.PermitRootLogin = "no";
|
|
settings.X11Forwarding = false;
|
|
extraConfig = "StreamLocalBindUnlink yes";
|
|
ports = cfg.ports;
|
|
};
|
|
};
|
|
}
|