# BIASED
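# NixOS module: SSH-facing settings for a host that may run Gitea.
#
# - Restricts what the Gitea system account can do over sshd.
# - Sets Gitea's minimum accepted SSH key sizes.
# - Runs the endlessh-go tarpit on TCP/22 whenever sshd does not listen there.
# - Opens the sshd ports plus 22 in the firewall while sshd is enabled.
{ config, lib, ... }:
{
  config = {
    services = {
      # Only emitted when Gitea is enabled; without Gitea there is no git-over-SSH
      # account to restrict.
      openssh = lib.mkIf config.services.gitea.enable {
        # sshd_config scoping: a Match block stays in effect until the next Match
        # line or the end of the file. mkAfter orders this fragment behind
        # default-priority extraConfig fragments from other modules, so their
        # global directives are not silently scoped to the Gitea account.
        #
        # The account name is read from services.gitea.user rather than
        # hard-coded: if the user is renamed, a literal "gitea" would match
        # nothing and the restrictions would quietly stop applying.
        #
        # Forwarding and tunnelling are denied at the sshd level in addition to
        # TTY/X11. NOTE(review): Gitea-managed authorized_keys entries normally
        # carry per-key restrictions as well; these directives do not depend on
        # the content of that file.
        extraConfig = lib.mkAfter ''
          Match User ${config.services.gitea.user}
            PermitTTY no
            X11Forwarding no
            AllowAgentForwarding no
            AllowTcpForwarding no
            AllowStreamLocalForwarding no
            PermitTunnel no
        '';
      };

      # Gitea [ssh.minimum_key_sizes]: -1 disables a key type, any other value is
      # the minimum accepted size in bits.
      # NOTE(review): 4095 presumably targets 4096-bit RSA keys while tolerating
      # keys whose length is reported one bit short; confirm that Gitea's
      # minimum-key-size check is enabled on the deployed version, otherwise
      # these limits are not enforced.
      gitea.settings."ssh.minimum_key_sizes" = lib.mkIf config.services.gitea.enable {
        ECDSA = -1;
        RSA = 4095;
      };

      # SSH tarpit on the well-known port, enabled only when sshd itself is not
      # configured to listen on 22 (the two cannot share the port).
      # This condition looks at the configured port list only, not at
      # services.openssh.enable.
      endlessh-go = lib.mkIf (!builtins.elem 22 config.services.openssh.ports) {
        enable = true;
        port = 22;
      };
    };

    # Opens every sshd port plus 22. If sshd already listens on 22 the extra
    # entry is a harmless duplicate; otherwise it exposes the tarpit above.
    # Gated on sshd being enabled: with sshd disabled this module opens nothing,
    # so a tarpit enabled by the condition above would not be reachable through
    # the firewall unless another module opens 22.
    networking.firewall = lib.mkIf config.services.openssh.enable {
      allowedTCPPorts = config.services.openssh.ports ++ [ 22 ];
    };
  };
}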