implement a dropbear SSH module
This commit is contained in:
parent
6570c5ed84
commit
0bb887158b
|
@ -32,4 +32,14 @@ in
|
|||
visibleTo.lan = true;
|
||||
description = lib.mkDefault "colin-ssh";
|
||||
};
|
||||
|
||||
# sane.services.dropbear = {
|
||||
# enable = true;
|
||||
# port = 1022;
|
||||
# };
|
||||
# sane.ports.ports."1022" = {
|
||||
# protocol = [ "tcp" ];
|
||||
# visibleTo.lan = true;
|
||||
# description = lib.mkDefault "colin-dropbear-ssh";
|
||||
# };
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./dropbear.nix
|
||||
./clightning.nix
|
||||
./dyn-dns.nix
|
||||
./eg25-manager.nix
|
||||
|
|
37
modules/services/dropbear.nix
Normal file
37
modules/services/dropbear.nix
Normal file
|
@ -0,0 +1,37 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.sane.services.dropbear;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
sane.services.dropbear = with lib; {
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.dropbear;
|
||||
defaultText = literalExpression "pkgs.dropbear";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 22;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
systemd.services.dropbear = {
|
||||
description = "Dropbear SSH Server";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig.Type = "simple";
|
||||
# N.B.: dropbear ssh key format is incompatible with OpenSSH's.
|
||||
# also, needs to be manually generated on first run (`dropbearkey -t rsa -f /etc/ssh/host_keys/dropbear_rsa_host_key -s 4096`)
|
||||
serviceConfig.ExecStart = "${cfg.package}/bin/dropbear -F -p ${builtins.toString cfg.port} -r /etc/ssh/host_keys/dropbear_rsa_host_key -r /etc/ssh/host_keys/dropbear_ed25519_host_key";
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue
Block a user