author | Leon Schuermann <leon.git@is.currently.online> | 2018-01-18 21:24:36 +0700 |
---|---|---|
committer | adisbladis <adis@blad.is> | 2018-01-18 22:55:28 +0800 |
commit | c61a9dfd2e7ac34e7967f5b418de9fe61f2aeeef (patch) | |
tree | 2d7770a429598b1d26f2d17937acfddbdb3d5417 /nixos/modules | |
parent | 0b559ed1cd219939482d40f286b6abe71752c850 (diff) | |
sshd: provide option to disable firewall altering
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index aa9c0fa1c09..d9b12d27816 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -21,7 +21,7 @@ let
 daemon reads in addition to the the user's authorized_keys file. You can combine the <literal>keys</literal> and <literal>keyFiles</literal> options.
- Warning: If you are using <literal>NixOps</literal> then don't use this
+ Warning: If you are using <literal>NixOps</literal> then don't use this
 option since it will replace the key required for deployment via ssh.
 '';
 };
@@ -137,6 +137,14 @@ in
 '';
 };
+ openFirewall = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Whether to automatically open the specified ports in the firewall.
+ '';
+ };
+
 listenAddresses = mkOption {
 type = with types; listOf (submodule {
 options = {
@@ -302,7 +310,7 @@ in
 };
- networking.firewall.allowedTCPPorts = cfg.ports;
+ networking.firewall.allowedTCPPorts = if cfg.openFirewall then cfg.ports else [];
 security.pam.services.sshd = { startSession = true;
|
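Review bot: The description of `openFirewall` says "the specified ports" without naming the option it refers to or how widely those ports are opened. Going by the hunk at line 310, only `cfg.ports` is added to `networking.firewall.allowedTCPPorts`, a list that is not tied to any interface, so with `default = true` enabling sshd keeps exposing those ports on every interface, presumably even when `listenAddresses` restricts where the daemon binds. I would spell that out in the description, e.g. `Whether to automatically open the ports listed in <option>services.openssh.ports</option> in the firewall, on all interfaces. Set this to false to control SSH reachability with your own firewall rules.` The `mkOption` block itself lies fully inside the hunk.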
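Review bot: The `if cfg.openFirewall then cfg.ports else []` on the `networking.firewall.allowedTCPPorts` line is a style point: NixOS modules usually express a conditional definition with the module system's own helper, `networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall cfg.ports;` (or `optionals cfg.openFirewall cfg.ports`), assuming `lib` is in scope here as it is in most modules. The resulting firewall rules are the same, but the conditional form makes it clearer that the module contributes nothing to the list when the option is off. The surrounding `config` block starts and ends outside the hunk.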