ssh.nix (1109B)
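# SSH server profile: enables OpenSSH with sshguard and mosh, and exposes a
# few knobs under `modules.services.ssh`.
{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.modules.services.ssh;
in
{
  options = {
    modules.services.ssh = {
      # mkEnableOption prepends "Whether to enable " to its argument, so only
      # the noun is passed (the original rendered "enable Enable ssh profile").
      enable = mkEnableOption "ssh profile";
      listenAddresses = mkOption {
        type = types.listOf types.str;
        default = [ ];
        description = ''
          Addresses sshd is meant to listen on.
          NOTE: this module does not yet pass the value on to
          services.openssh, so setting it does not restrict where sshd
          listens.
        '';
      };
      forwardX11 = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to allow X11 connections to be forwarded.
        '';
      };
      extraConfig = mkOption {
        type = types.lines;
        default = "";
        # The value is appended after this module's own sshd_config lines; it
        # does not replace the whole file.
        description = "Extra lines appended verbatim to sshd_config.";
      };
    };
  };
  config = mkIf cfg.enable {
    services = {
      openssh = {
        enable = true;
        startWhenNeeded = false;
        # Only X11Forwarding is set here. Authentication settings such as
        # PasswordAuthentication and PermitRootLogin keep whatever the rest of
        # the configuration (or the NixOS default) gives them; pin them
        # explicitly if key-only login is intended.
        settings = {
          X11Forwarding = cfg.forwardX11;
        };
        # TODO: cfg.listenAddresses is declared above but not wired in
        # (original note: "Move this for kerkouane only"). Until it is, sshd
        # binds according to the OpenSSH module defaults, not this option.
        # listenAddresses = map
        #
        # StreamLocalBindUnlink makes sshd remove an existing Unix-domain
        # socket file before binding a forwarded one at the same path.
        # cfg.extraConfig is interpolated unescaped, so it must only ever hold
        # trusted, operator-written sshd_config lines.
        extraConfig = ''
          StreamLocalBindUnlink yes
          ${cfg.extraConfig}
        '';
      };
      # Blocks hosts that repeatedly fail authentication.
      sshguard.enable = true;
    };
    # NOTE(review): the NixOS mosh module is expected to open its UDP port
    # range in the firewall as well; confirm this exposure is wanted on every
    # host that enables this profile.
    programs.mosh.enable = true;
  };
}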