authorFranck Cuny <franck@fcuny.net>2022-04-05 17:13:25 -0700
committerFranck Cuny <franck@fcuny.net>2022-04-05 17:13:25 -0700
commit57edf6fec41abf571d637b09bd4132f858106381 (patch)
tree9cfee9ccb416f464b55bbcb9c714f85423828250 /modules
parentnix: refactor to a module (diff)
downloadinfra-57edf6fec41abf571d637b09bd4132f858106381.tar.gz
ssh: refactor to a module
Also install mosh and ensure the firewall opens the correct ports.
Diffstat (limited to 'modules')
-rw-r--r--modules/default.nix2
-rw-r--r--modules/services/default.nix1
-rw-r--r--modules/services/ssh-server/default.nix17
3 files changed, 19 insertions, 1 deletions
diff --git a/modules/default.nix b/modules/default.nix
index 189a313..67d8e83 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1 +1 @@
-{ ... }: { imports = [ ./hardware ./system ]; }
+{ ... }: { imports = [ ./hardware ./system ./services ]; }
diff --git a/modules/services/default.nix b/modules/services/default.nix
new file mode 100644
index 0000000..d34f57a
--- /dev/null
+++ b/modules/services/default.nix
@@ -0,0 +1 @@
+{ ... }: { imports = [ ./ssh-server ]; }
diff --git a/modules/services/ssh-server/default.nix b/modules/services/ssh-server/default.nix
new file mode 100644
index 0000000..ce5d4c8
--- /dev/null
+++ b/modules/services/ssh-server/default.nix
@@ -0,0 +1,17 @@
+{ ... }: {
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "yes";
+ passwordAuthentication = false;
+ };
+
+ programs.mosh.enable = true;
+
+ networking.firewall.allowedTCPPorts = [ 22 ];
+
+ # Relevant ports for mosh
+ networking.firewall.allowedUDPPortRanges = [{
+ from = 6000;
+ to = 6100;
+ }];
+}
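Review bot: `permitRootLogin = "yes"` leaves direct root login enabled on the port this module opens to the network. `passwordAuthentication = false` only turns off the `password` method, so unless keyboard-interactive is also disabled root may still be offered PAM prompts; this is worth confirming against the generated sshd_config. Prefer `permitRootLogin = "prohibit-password";` (or `"no"` together with a sudo-capable user), which limits root to key-based login. Separately, the UDP range 6000-6100 does not match mosh's default 60000-61000, so it looks like a typo that opens unrelated ports without doing what the comment says. If the `programs.mosh` module already opens its own range, as I believe it does, the stanza can be dropped rather than corrected to `from = 60000; to = 61000;`.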