mirror of
https://github.com/kaesaecracker/nixos-configuration.git
synced 2025-01-18 18:40:14 +01:00
38 lines
670 B
Nix
38 lines
670 B
Nix
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}: let
|
|
cfg = config.my.server;
|
|
in {
|
|
options.my.server = {
|
|
enable = lib.mkEnableOption "server role";
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
services = {
|
|
# Enable the OpenSSH daemon.
|
|
openssh = {
|
|
enable = true;
|
|
settings = {
|
|
# PermitRootLogin = "no"; # this is managed through authorized keys
|
|
PasswordAuthentication = false;
|
|
KbdInteractiveAuthentication = false;
|
|
};
|
|
};
|
|
};
|
|
|
|
networking.firewall = {
|
|
enable = true;
|
|
allowedTCPPortRanges = [
|
|
{
|
|
# ssh
|
|
from = 22;
|
|
to = 22;
|
|
}
|
|
];
|
|
};
|
|
};
|
|
}
|