ssh.nix (874B)
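# NixOS profile module: OpenSSH server with sshguard and mosh.
#
# Options:
#   profiles.ssh.enable     - turn the whole profile on.
#   profiles.ssh.forwardX11 - passed through to services.openssh.forwardX11
#                             (off by default).
#
# When enabled, the profile also confines the `nginx` account to SFTP-only
# access chrooted into /var/www (see the Match block below).
{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.profiles.ssh;
in
{
  options = {
    profiles.ssh = {
      enable = mkEnableOption "Enable ssh profile";
      forwardX11 = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to allow X11 connections to be forwarded.
        '';
      };
    };
  };
  config = mkIf cfg.enable {
    services = {
      openssh = {
        enable = true;
        # Run sshd as a regular long-lived service instead of starting it on
        # demand for each incoming connection.
        startWhenNeeded = false;
        forwardX11 = cfg.forwardX11;
        # Global part:
        #   StreamLocalBindUnlink lets a forwarded Unix-domain socket replace a
        #   stale socket file left behind by a previous session.
        #
        # `Match User nginx` part (SFTP-only, chrooted account):
        #   - ForceCommand must be spelled `internal-sftp`. The previous value
        #     `interfal-sftp` is not a keyword sshd recognises, so it was
        #     treated as an external command name, which would not give the
        #     account a working SFTP session. internal-sftp is served by sshd
        #     itself, so the chroot needs no binaries inside it.
        #   - sshd requires every component of the ChrootDirectory path to be
        #     root-owned and not writable by group or others; otherwise it
        #     rejects the login. Uploads need a writable subdirectory.
        #   - TCP forwarding, tunnels and X11 are disabled for this account no
        #     matter what cfg.forwardX11 says.
        #
        # NOTE(review): a Match block runs until the next Match line or the end
        # of the file. Check the generated sshd_config to confirm that no
        # global directive ends up after this text and silently becomes
        # nginx-only.
        extraConfig = ''
          StreamLocalBindUnlink yes
          Match User nginx
          ChrootDirectory /var/www
          ForceCommand internal-sftp
          AllowTcpForwarding no
          PermitTunnel no
          X11Forwarding no
        '';
      };
      # Blocks source addresses that repeatedly fail authentication.
      sshguard.enable = true;
    };
    # NOTE(review): mosh uses UDP in addition to the SSH login; confirm which
    # firewall ports this option opens on the target NixOS release.
    programs.mosh.enable = true;
  };
}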