sshd: provide option to disable firewall altering

Leon Schuermann 2018-01-18 21:24:36 +07:00 committed by adisbladis
parent 0b559ed1cd
commit c61a9dfd2e
No known key found for this signature in database
GPG key ID: ED58F95069B004F5


@ -21,7 +21,7 @@ let
daemon reads in addition to the the user's authorized_keys file.
You can combine the <literal>keys</literal> and
<literal>keyFiles</literal> options.
Warning: If you are using <literal>NixOps</literal> then don't use this
Warning: If you are using <literal>NixOps</literal> then don't use this
option since it will replace the key required for deployment via ssh.
'';
};
@ -137,6 +137,14 @@ in
'';
};
openFirewall = mkOption {
type = types.bool;
default = true;
description = ''
Whether to automatically open the specified ports in the firewall.
'';
};
listenAddresses = mkOption {
type = with types; listOf (submodule {
options = {
@ -302,7 +310,7 @@ in
};
networking.firewall.allowedTCPPorts = cfg.ports;
networking.firewall.allowedTCPPorts = if cfg.openFirewall then cfg.ports else [];
security.pam.services.sshd =
{ startSession = true;
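Review bot: The description of the new `openFirewall` option (second hunk) says only "the specified ports", which tells a reader neither which option is meant nor what the default exposes. The last hunk shows the flag gating `cfg.ports` into `networking.firewall.allowedTCPPorts`, which is not scoped to an interface, so with the default `true` the SSH ports stay open on every interface. Ports given only through `listenAddresses` do not appear to be covered, though that submodule's body lies outside the hunk. I would reword the description along the lines of `Whether to open the ports from the ports option in the firewall on all interfaces; set to false to control SSH reachability with your own firewall rules.` As a minor style point, the conditional could be written `lib.optionals cfg.openFirewall cfg.ports`.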