author | Franck Cuny <franck@fcuny.net> | 2022-04-05 17:13:25 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2022-04-05 17:13:25 -0700 |
commit | 57edf6fec41abf571d637b09bd4132f858106381 (patch) | |
tree | 9cfee9ccb416f464b55bbcb9c714f85423828250 | |
parent | nix: refactor to a module (diff) | |
download | world-57edf6fec41abf571d637b09bd4132f858106381.tar.gz |
ssh: refactor to a module
Also install mosh and ensure the firewall opens the correct ports.
-rw-r--r-- | hosts/common/system/default.nix | 1 | ||||
-rw-r--r-- | hosts/common/system/ssh.nix | 6 | ||||
-rw-r--r-- | modules/default.nix | 2 | ||||
-rw-r--r-- | modules/services/default.nix | 1 | ||||
-rw-r--r-- | modules/services/ssh-server/default.nix | 17 |
5 files changed, 19 insertions, 8 deletions
diff --git a/hosts/common/system/default.nix b/hosts/common/system/default.nix
index 2e34ede..6fc0651 100644
--- a/hosts/common/system/default.nix
+++ b/hosts/common/system/default.nix
@@ -8,7 +8,6 @@
 ./network.nix
 ./security.nix
 ./software.nix
- ./ssh.nix
 ./users.nix
 ];
diff --git a/hosts/common/system/ssh.nix b/hosts/common/system/ssh.nix
deleted file mode 100644
index cb7c47d..0000000
--- a/hosts/common/system/ssh.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
- services.openssh.permitRootLogin = "yes";
- services.openssh.passwordAuthentication = false;
-}
diff --git a/modules/default.nix b/modules/default.nix
index 189a313..67d8e83 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1 +1 @@
-{ ... }: { imports = [ ./hardware ./system ]; }
+{ ... }: { imports = [ ./hardware ./system ./services ]; }
diff --git a/modules/services/default.nix b/modules/services/default.nix
new file mode 100644
index 0000000..d34f57a
--- /dev/null
+++ b/modules/services/default.nix
@@ -0,0 +1 @@
+{ ... }: { imports = [ ./ssh-server ]; }
diff --git a/modules/services/ssh-server/default.nix b/modules/services/ssh-server/default.nix
new file mode 100644
index 0000000..ce5d4c8
--- /dev/null
+++ b/modules/services/ssh-server/default.nix
@@ -0,0 +1,17 @@
+{ ... }: {
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "yes";
+ passwordAuthentication = false;
+ };
+
+ programs.mosh.enable = true;
+
+ networking.firewall.allowedTCPPorts = [ 22 ];
+
+ # Relevant ports for mosh
+ networking.firewall.allowedUDPPortRanges = [{
+ from = 6000;
+ to = 6100;
+ }];
+} |
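Review bot: The UDP range opened under the `# Relevant ports for mosh` comment in modules/services/ssh-server/default.nix is 6000–6100, but mosh-server picks its port from 60000–61000 by default, so this rule exposes about a hundred unrelated UDP ports and still does not cover mosh. It reads like a dropped zero; the two lines should be `from = 60000;` and `to = 61000;`. As far as I know the NixOS `programs.mosh.enable` module already opens that range and `services.openssh` opens its own listening port by default, so both explicit firewall entries may be redundant, which is worth confirming against the nixpkgs revision in use. Separately, `permitRootLogin = "yes"` was carried over unchanged from the deleted ssh.nix; with password authentication off, `"prohibit-password"` would state the key-only intent explicitly.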