public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sshd: provide option to disable firewall altering

This commit is contained in:
Leon Schuermann 2018-01-18 21:24:36 +07:00 committed by adisbladis
parent 0b559ed1cd
commit c61a9dfd2e
No known key found for this signature in database
GPG Key ID: ED58F95069B004F5
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
nixos/modules/services/networking/ssh/sshd.nix
View File

@ -21,7 +21,7 @@ let
daemon reads in addition to the the user's authorized_keys file. daemon reads in addition to the the user's authorized_keys file.
You can combine the <literal>keys</literal> and You can combine the <literal>keys</literal> and
<literal>keyFiles</literal> options. <literal>keyFiles</literal> options.
Warning: If you are using <literal>NixOps</literal> then don't use this Warning: If you are using <literal>NixOps</literal> then don't use this
option since it will replace the key required for deployment via ssh. option since it will replace the key required for deployment via ssh.
''; '';
}; };
@ -137,6 +137,14 @@ in
''; '';
}; };
openFirewall = mkOption {
type = types.bool;
default = true;
description = ''
Whether to automatically open the specified ports in the firewall.
'';
};
listenAddresses = mkOption { listenAddresses = mkOption {
type = with types; listOf (submodule { type = with types; listOf (submodule {
options = { options = {
@ -302,7 +310,7 @@ in
}; };
networking.firewall.allowedTCPPorts = cfg.ports; networking.firewall.allowedTCPPorts = if cfg.openFirewall then cfg.ports else [];
security.pam.services.sshd = security.pam.services.sshd =
{ startSession = true; { startSession = true;