
My NixOS systems configurations.

ssh.nix (1109B)


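      # NixOS module: SSH server profile exposed as `modules.services.ssh`.
      # When enabled it turns on OpenSSH (sshd), sshguard and mosh together.
      #
      # NOTE(review): PasswordAuthentication, KbdInteractiveAuthentication and
      # PermitRootLogin are not set in this module, so they keep whatever the
      # NixOS defaults or other modules provide. Set them explicitly (here or via
      # `services.openssh.settings` elsewhere) if this profile is meant to be the
      # hardening baseline.
      { config, lib, pkgs, ... }:

      with lib;
      let
        cfg = config.modules.services.ssh;
      in
      {
        options = {
          modules.services.ssh = {
            enable = mkEnableOption "Enable ssh profile";
            listenAddresses = mkOption {
              type = types.listOf types.str;
              default = [ ];
              description = ''
                Addresses sshd should bind to. An empty list leaves
                services.openssh.listenAddresses empty, so sshd listens on
                every address.
              '';
            };
            forwardX11 = mkOption {
              type = types.bool;
              default = false;
              description = ''
                Whether to allow X11 connections to be forwarded.
              '';
            };
            # The value is appended after the line this module always emits
            # (see `extraConfig` below); it is not the whole sshd_config.
            extraConfig = mkOption {
              type = types.lines;
              default = "";
              description = "Verbatim contents of <filename>sshd_config</filename>.";
            };
          };
        };
        config = mkIf cfg.enable {
          services = {
            openssh = {
              enable = true;
              # Run sshd as a permanent daemon instead of socket-activating it.
              startWhenNeeded = false;
              settings = {
                # Off unless a host opts in: forwarding exposes the client's
                # X display to the remote machine.
                X11Forwarding = cfg.forwardX11;
              };
              # Previously this option was declared but never applied, so a host
              # that set it to restrict sshd to one interface still listened on
              # every address. Each entry leaves `port` unset, so the ports
              # configured for services.openssh are used.
              # Caveat: sshd fails to bind if a listed address is not configured
              # when the service starts; check ordering on hosts that set this.
              listenAddresses = map (addr: { inherit addr; }) cfg.listenAddresses;
              # Move this for kerkouane only
              # StreamLocalBindUnlink lets sshd remove an existing Unix-domain
              # socket before binding a forwarded one; it applies to every user
              # on every host that enables this profile.
              extraConfig = ''
                StreamLocalBindUnlink yes
                ${cfg.extraConfig}
              '';
            };
            # Blocks source addresses after repeated failed logins.
            sshguard.enable = true;
          };
          # NOTE(review): mosh talks UDP after the SSH handshake and, by default,
          # opens its UDP port range in the firewall. Confirm that exposure is
          # wanted on every host that enables this profile.
          programs.mosh.enable = true;
        };
      }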