ssh: refactor to a module

Also install mosh and ensure the firewall opens the correct ports.
author: Franck Cuny <franck@fcuny.net> 2022-04-05 17:13:25 -0700
committer: Franck Cuny <franck@fcuny.net> 2022-04-05 17:13:25 -0700
commit: 57edf6fec41abf571d637b09bd4132f858106381 (patch)
tree: 9cfee9ccb416f464b55bbcb9c714f85423828250 /modules/services/ssh-server/default.nix
parent: nix: refactor to a module (diff)
download: infra-57edf6fec41abf571d637b09bd4132f858106381.tar.gz
1 files changed, 17 insertions, 0 deletions
diff --git a/modules/services/ssh-server/default.nix b/modules/services/ssh-server/default.nix
new file mode 100644
index 0000000..ce5d4c8
--- /dev/null
+++ b/modules/services/ssh-server/default.nix
@@ -0,0 +1,17 @@
+{ ... }: {
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "yes";
+    passwordAuthentication = false;
+  };
+
+  programs.mosh.enable = true;
+
+  networking.firewall.allowedTCPPorts = [ 22 ];
+
+  # Relevant ports for mosh
+  networking.firewall.allowedUDPPortRanges = [{
+    from = 6000;
+    to = 6100;
+  }];
+}
author	Franck Cuny <franck@fcuny.net>	2022-04-05 17:13:25 -0700
committer	Franck Cuny <franck@fcuny.net>	2022-04-05 17:13:25 -0700
commit	57edf6fec41abf571d637b09bd4132f858106381 (patch)
tree	9cfee9ccb416f464b55bbcb9c714f85423828250 /modules/services/ssh-server/default.nix
parent	nix: refactor to a module (diff)
download	infra-57edf6fec41abf571d637b09bd4132f858106381.tar.gz