infrastructure/modules/nixos/dgn-ssh.nix

# SPDX-FileCopyrightText: 2024 Maurice Debray <maurice.debray@dgnum.eu>
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2

{ config, lib, ... }:

let
  inherit (lib) mkEnableOption mkIf;

  cfg = config.dgn-ssh;
in

{
  options.dgn-ssh = {
    enable = mkEnableOption "ssh default configuration." // {
      default = true;
    };
  };

  config = mkIf cfg.enable {
    services.openssh = {
      enable = true;

      settings = {
        KbdInteractiveAuthentication = false;
        LoginGraceTime = "30";
        MaxSessions = "64";
        MaxStartups = "64";
        PasswordAuthentication = false;
      };
    };

    programs.mosh.enable = true;
  };
}
chore: Add license and copyright information Signed-off-by: Tom Hubrecht <tom.hubrecht@dgnum.eu> Acked-by: Ryan Lahfa <ryan.lahfa@dgnum.eu> Acked-by: Maurice Debray <maurice.debray@dgnum.eu> Acked-by: Lubin Bailly <lubin.bailly@dgnum.eu> Acked-by: Jean-Marc Gailis <jean-marc.gailis@dgnum.eu> as the legal authority, at the time of writing, in DGNum. Acked-by: Elias Coppens <elias.coppens@dgnum.eu> as a member, at the time of writing, of the DGNum executive counsel. 2024-12-12 14:41:43 +01:00			`# SPDX-FileCopyrightText: 2024 Maurice Debray <maurice.debray@dgnum.eu>`
			`# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>`
modules/dgn-ssh: Add default ssh configuration for all nodes 2023-05-22 16:47:13 +02:00			`#`
chore: Add license and copyright information Signed-off-by: Tom Hubrecht <tom.hubrecht@dgnum.eu> Acked-by: Ryan Lahfa <ryan.lahfa@dgnum.eu> Acked-by: Maurice Debray <maurice.debray@dgnum.eu> Acked-by: Lubin Bailly <lubin.bailly@dgnum.eu> Acked-by: Jean-Marc Gailis <jean-marc.gailis@dgnum.eu> as the legal authority, at the time of writing, in DGNum. Acked-by: Elias Coppens <elias.coppens@dgnum.eu> as a member, at the time of writing, of the DGNum executive counsel. 2024-12-12 14:41:43 +01:00			`# SPDX-License-Identifier: EUPL-1.2`
modules/dgn-ssh: Add default ssh configuration for all nodes 2023-05-22 16:47:13 +02:00
			`{ config, lib, ... }:`

			`let`
feat(modules/dgn-ssh): Disable kbdinteractiveauthentication 2024-01-30 10:22:27 +01:00			`inherit (lib) mkEnableOption mkIf;`
modules: Use inherit instead of with 2023-07-18 17:00:51 +02:00
modules/dgn-ssh: Add default ssh configuration for all nodes 2023-05-22 16:47:13 +02:00			`cfg = config.dgn-ssh;`
			`in`

			`{`
			`options.dgn-ssh = {`
feat(modules/dgn-ssh): Disable kbdinteractiveauthentication 2024-01-30 10:22:27 +01:00			`enable = mkEnableOption "ssh default configuration." // {`
			`default = true;`
			`};`
modules/dgn-ssh: Add default ssh configuration for all nodes 2023-05-22 16:47:13 +02:00			`};`

			`config = mkIf cfg.enable {`
			`services.openssh = {`
			`enable = true;`

feat(modules/dgn-ssh): Disable kbdinteractiveauthentication 2024-01-30 10:22:27 +01:00			`settings = {`
			`KbdInteractiveAuthentication = false;`
feat(dgn-ssh): Increase allowed connexions 2024-02-26 14:33:39 +01:00			`LoginGraceTime = "30";`
			`MaxSessions = "64";`
			`MaxStartups = "64";`
			`PasswordAuthentication = false;`
feat(modules/dgn-ssh): Disable kbdinteractiveauthentication 2024-01-30 10:22:27 +01:00			`};`
modules/dgn-ssh: Add default ssh configuration for all nodes 2023-05-22 16:47:13 +02:00			`};`

			`programs.mosh.enable = true;`
			`};`
			`}`