back round 0 view raw

nix/modules/knot: make ssh ports configurable #716

closed
opened by boltless.me targeting master from push-qrzyzsxkvpwt
options
unified split
Changed files
+9 -2
nix
modules
knot.nix
+9 -2
nix/modules/knot.nix 
···

       
32

       
32

       
 

       
          description = "User that hosts git repos and performs git operations";


     

       
33

       
33

       
 

       
        };


     

       
34

       
34

       
 

       



     

       

       
35

       
+

       
        sshPorts = mkOption {


     

       

       
36

       
+

       
          type = types.listOf types.port;


     

       

       
37

       
+

       
          default = [22];


     

       

       
38

       
+

       
          description = "Specifies ports used for ssh";


     

       

       
39

       
+

       
        };


     

       

       
40

       
+

       



     

       
35

       
41

       
 

       
        openFirewall = mkOption {


     

       
36

       
42

       
 

       
          type = types.bool;


     

       
37

       
43

       
 

       
          default = true;


     

       
38

       

       
-

       
          description = "Open port 22 in the firewall for ssh";


     

       

       
44

       
+

       
          description = "Open ssh port in the firewall";


     

       
39

       
45

       
 

       
        };


     

       
40

       
46

       
 

       



     

       
41

       
47

       
 

       
        stateDir = mkOption {


     
···

       
138

       
144

       
 

       



     

       
139

       
145

       
 

       
      services.openssh = {


     

       
140

       
146

       
 

       
        enable = true;


     

       

       
147

       
+

       
        ports = cfg.sshPorts;


     

       
141

       
148

       
 

       
        extraConfig = ''


     

       
142

       
149

       
 

       
          Match User ${cfg.gitUser}


     

       
143

       
150

       
 

       
              AuthorizedKeysCommand /etc/ssh/keyfetch_wrapper


     
···

       
206

       
213

       
 

       
        };


     

       
207

       
214

       
 

       
      };


     

       
208

       
215

       
 

       



     

       
209

       

       
-

       
      networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [22];


     

       

       
216

       
+

       
      networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall cfg.sshPorts;


     

       
210

       
217

       
 

       
    };


     

       
211

       
218

       
 

       
  }