authorFranck Cuny <franck@fcuny.net>2022-04-05 17:13:25 -0700
committerFranck Cuny <franck@fcuny.net>2022-04-05 17:13:25 -0700
commit57edf6fec41abf571d637b09bd4132f858106381 (patch)
tree9cfee9ccb416f464b55bbcb9c714f85423828250 /modules
parentnix: refactor to a module (diff)
downloadworld-57edf6fec41abf571d637b09bd4132f858106381.tar.gz
ssh: refactor to a module
Also install mosh and ensure the firewall opens the correct ports.
Diffstat (limited to 'modules')
-rw-r--r--modules/default.nix2
-rw-r--r--modules/services/default.nix1
-rw-r--r--modules/services/ssh-server/default.nix17
3 files changed, 19 insertions, 1 deletions
diff --git a/modules/default.nix b/modules/default.nix
index 189a313..67d8e83 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1 +1 @@
-{ ... }: { imports = [ ./hardware ./system ]; }
+{ ... }: { imports = [ ./hardware ./system ./services ]; }
diff --git a/modules/services/default.nix b/modules/services/default.nix
new file mode 100644
index 0000000..d34f57a
--- /dev/null
+++ b/modules/services/default.nix
@@ -0,0 +1 @@
+{ ... }: { imports = [ ./ssh-server ]; }
diff --git a/modules/services/ssh-server/default.nix b/modules/services/ssh-server/default.nix
new file mode 100644
index 0000000..ce5d4c8
--- /dev/null
+++ b/modules/services/ssh-server/default.nix
@@ -0,0 +1,17 @@
+{ ... }: {
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "yes";
+    passwordAuthentication = false;
+  };
+
+  programs.mosh.enable = true;
+
+  networking.firewall.allowedTCPPorts = [ 22 ];
+
+  # Relevant ports for mosh
+  networking.firewall.allowedUDPPortRanges = [{
+    from = 6000;
+    to = 6100;
+  }];
+}
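Review bot: The UDP range opened under `# Relevant ports for mosh` is 6000–6100, but mosh-server allocates from 60000–61000 by default, so as written the firewall exposes about a hundred unrelated UDP ports and does not match what mosh uses; the range should read `from = 60000; to = 61000;`. As far as I know the NixOS `programs.mosh.enable` module already opens that range on its own, in which case this block can be dropped entirely, and `allowedTCPPorts = [ 22 ]` likewise duplicates what `services.openssh.openFirewall` does by default. Separately, `permitRootLogin = "yes"` leaves every non-password authentication method available to root; `permitRootLogin = "prohibit-password";` states the key-only intent explicitly and keeps root covered if keyboard-interactive authentication is ever enabled on this host.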