
ssh.nix (874B)


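      # NixOS module for the `profiles.ssh` profile.
      #
      # Options declared here:
      #   profiles.ssh.enable      - turn the whole profile on.
      #   profiles.ssh.forwardX11  - allow X11 forwarding in sshd (default: false).
      #
      # When enabled, the profile turns on the OpenSSH server, sshguard and mosh,
      # and confines the `nginx` account to a chrooted, SFTP-only session.
      { config, lib, pkgs, ... }:

      with lib;
      let
        cfg = config.profiles.ssh;
      in
      {
        options = {
          profiles.ssh = {
            enable = mkEnableOption "Enable ssh profile";
            # Kept off by default: a forwarded X11 connection lets the remote side
            # talk to the client's X display, so it should be an explicit opt-in.
            forwardX11 = mkOption {
              type = types.bool;
              default = false;
              description = ''
                Whether to allow X11 connections to be forwarded.
              '';
            };
          };
        };
        config = mkIf cfg.enable {
          services = {
            openssh = {
              enable = true;
              # Run sshd as a persistent daemon rather than socket-activated.
              startWhenNeeded = false;
              forwardX11 = cfg.forwardX11;
              # Raw sshd_config text.
              #
              # StreamLocalBindUnlink: remove a stale Unix-domain socket file before
              # binding a forwarded one.
              #
              # Match User nginx: SFTP-only access confined to /var/www, with TCP
              # forwarding, tunnelling and X11 forwarding all switched off.
              #   * ForceCommand has to be spelled exactly `internal-sftp` to select
              #     sshd's in-process SFTP server; any other value is run as an
              #     external command, which defeats the SFTP-only restriction. The
              #     earlier spelling `interfal-sftp` was a typo.
              #   * sshd only accepts a ChrootDirectory whose every path component
              #     is owned by root and not writable by any other user or group,
              #     so uploads need a separate writable subdirectory.
              #   * The Match block stays last: directives following it apply only
              #     to the matched user. NOTE(review): confirm nothing else in the
              #     configuration appends global sshd directives after this text.
              extraConfig = ''
                StreamLocalBindUnlink yes
                Match User nginx
                  ChrootDirectory /var/www
                  ForceCommand internal-sftp
                  AllowTcpForwarding no
                  PermitTunnel no
                  X11Forwarding no
              '';
            };
            # Blocks hosts that repeatedly fail authentication.
            sshguard.enable = true;
          };
          # NOTE(review): the NixOS mosh module normally opens a UDP port range in
          # the firewall; confirm that exposure is intended on this host.
          programs.mosh.enable = true;
        };
      }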