❄️ Dotfiles for our NixOS system configuration.
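# NixOS module: project-level `settings.ssh.*` options wrapped around the
# upstream `services.openssh` module.
#
# Defaults are the hardened ones: the daemon is enabled, but password and
# keyboard-interactive logins are off and root login is refused, so only
# key-based logins for non-root users work unless a host overrides them.
{ lib, config, ... }:

let
  cfg = config.settings.ssh;
in
{
  options.settings.ssh = {
    enable = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "Enable SSH service";
    };

    passwordAuthentication = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "Allow password authentication";
    };

    permitRootLogin = lib.mkOption {
      # Restricted to the values sshd accepts for PermitRootLogin, so a typo
      # is rejected at evaluation time and the error names this option
      # instead of surfacing further down in services.openssh.
      type = lib.types.enum [
        "yes"
        "without-password"
        "prohibit-password"
        "forced-commands-only"
        "no"
      ];
      default = "no";
      description = "Permit root login via SSH";
    };
  };

  config = lib.mkIf cfg.enable {
    services.openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = cfg.passwordAuthentication;
        # Keyboard-interactive can prompt for a password through PAM, so it
        # follows the same switch; leaving it on would keep a password path
        # open while PasswordAuthentication is off.
        KbdInteractiveAuthentication = cfg.passwordAuthentication;
        PermitRootLogin = cfg.permitRootLogin;
      };
    };

    # Open the ports sshd actually listens on ([ 22 ] unless
    # services.openssh.ports is overridden) instead of a hard-coded 22, so
    # moving the daemon does not leave the old port open and the new one closed.
    # NOTE(review): settings.firewall is declared elsewhere in this repo;
    # presumably it feeds networking.firewall. Confirm, and check whether
    # services.openssh.openFirewall already opens the same ports.
    settings.firewall.allowedTCPPorts = config.services.openssh.ports;
  };
}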