From 57edf6fec41abf571d637b09bd4132f858106381 Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Tue, 5 Apr 2022 17:13:25 -0700
Subject: ssh: refactor to a module
Also install mosh and ensure the firewall opens the correct ports.
---
modules/default.nix | 2 +-
modules/services/default.nix | 1 +
modules/services/ssh-server/default.nix | 17 +++++++++++++++++
3 files changed, 19 insertions(+), 1 deletion(-)
create mode 100644 modules/services/default.nix
create mode 100644 modules/services/ssh-server/default.nix
(limited to 'modules')
diff --git a/modules/default.nix b/modules/default.nix
index 189a313..67d8e83 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1 +1 @@
-{ ... }: { imports = [ ./hardware ./system ]; }
+{ ... }: { imports = [ ./hardware ./system ./services ]; }
diff --git a/modules/services/default.nix b/modules/services/default.nix
new file mode 100644
index 0000000..d34f57a
--- /dev/null
+++ b/modules/services/default.nix
@@ -0,0 +1 @@
+{ ... }: { imports = [ ./ssh-server ]; }
diff --git a/modules/services/ssh-server/default.nix b/modules/services/ssh-server/default.nix
new file mode 100644
index 0000000..ce5d4c8
--- /dev/null
+++ b/modules/services/ssh-server/default.nix
@@ -0,0 +1,17 @@
+{ ... }: {
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "yes";
+ passwordAuthentication = false;
+ };
+
+ programs.mosh.enable = true;
+
+ networking.firewall.allowedTCPPorts = [ 22 ];
+
+ # Relevant ports for mosh
+ networking.firewall.allowedUDPPortRanges = [{
+ from = 6000;
+ to = 6100;
+ }];
+}
--
cgit 1.4.1
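Review bot: The UDP range opened under `# Relevant ports for mosh` in modules/services/ssh-server/default.nix is 6000–6100, but mosh-server picks its port from 60000–61000 by default, so this rule exposes about a hundred UDP ports that mosh does not use and does not itself open the ones it needs. The range should read `from = 60000; to = 61000;`, or the block can be dropped if `programs.mosh.enable` already opens that range in the nixpkgs revision used here (upstream NixOS appears to, but this should be confirmed). In the same hunk, `permitRootLogin = "yes"` permits root over every method sshd still offers; since passwords are already off, `permitRootLogin = "prohibit-password";` states the key-only intent and also rules out keyboard-interactive logins for root. The explicit `allowedTCPPorts = [ 22 ]` probably duplicates what the openssh module opens by default, so a one-line comment saying why it is kept would help.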