24 lines
570 B
Nix
24 lines
570 B
Nix
{ config, lib, ... }: {
|
|
|
|
options = {
|
|
sysconfig.opts.openssh.enable = lib.options.mkOption {
|
|
type = lib.types.bool;
|
|
default = false;
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf config.sysconfig.opts.openssh.enable {
|
|
|
|
networking.firewall.allowedTCPPorts = [ 22 ];
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PermitRootLogin = "no";
|
|
PasswordAuthentication = false;
|
|
KbdInteractiveAuthentication = false;
|
|
};
|
|
};
|
|
};
|
|
}
|