prepare configuration for server use

2023-09-10 14:12:01 +02:00 · 2023-09-10 14:12:01 +02:00 · e65ba7c8a6
commit e65ba7c8a6
parent db67663eb6
12 changed files with 188 additions and 7 deletions
--- a/modules/default.nix
+++ b/modules/default.nix
@ -4,6 +4,7 @@
  ...
 }: let
  cfg = config.my;
+  helpers = import ../helpers;
 in {
  imports = [
    ./home
@ -22,7 +23,7 @@ in {
    services.openssh = {
      enable = true;
      settings = {
-        PermitRootLogin = "no";
+        PermitRootLogin = helpers.mkIfElse config.my.server.enable "yes" "no";
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
      };
--- a/modules/desktop/default.nix
+++ b/modules/desktop/default.nix
@ -22,6 +22,8 @@ in {

      # Enable CUPS to print documents.
      printing.enable = true;
+
+      openssh.settings.PermitRootLogin = "no";
    };

    # Enable sound with pipewire.
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@ -0,0 +1,33 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  cfg = config.my.server;
+in {
+  imports = [];
+
+  options.my.server = {
+    enable = lib.mkEnableOption "server role";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services = {
+      services.openssh.enable = true;
+    };
+
+    programs = {
+    };
+
+    networking.firewall = {
+      allowedTCPPortRanges = [
+        {
+          # ssh
+          from = 22;
+          to = 22;
+        }
+      ];
+    };
+  };
+}