nix/modules/knot: make ssh ports configurable #716

closed
opened by boltless.me targeting master from push-qrzyzsxkvpwt
Changed files
+9 -2
+9 -2
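--- a/nix/modules/knot.nix
+++ b/nix/modules/knot.nix
@@ -32,10 +32,16 @@
 description = "User that hosts git repos and performs git operations";
 };
 
+sshPorts = mkOption {
+type = types.listOf types.port;
+default = [22];
+description = "Specifies ports used for ssh";
+};
+
 openFirewall = mkOption {
 type = types.bool;
 default = true;
-description = "Open port 22 in the firewall for ssh";
+description = "Open ssh port in the firewall";
 };
 
 stateDir = mkOption {
@@ -138,6 +144,7 @@
 
 services.openssh = {
 enable = true;
+ports = cfg.sshPorts;
 extraConfig = ''
 Match User ${cfg.gitUser}
 AuthorizedKeysCommand /etc/ssh/keyfetch_wrapper
@@ -206,6 +213,6 @@
 };
 };
 
-networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [22];
+networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall cfg.sshPorts;
 };
 }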
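Review bot: Setting the module's `openFirewall = false` most likely does not keep the configured ports closed, because `services.openssh` has its own `openFirewall` option that defaults to true and opens every entry of `services.openssh.ports`, which the new `ports = cfg.sshPorts;` line now fills. The `services.openssh` block continues outside the visible hunk, so unless it is already set there, add `openFirewall = cfg.openFirewall;` next to `ports`; the `networking.firewall.allowedTCPPorts` line at the end then becomes redundant. The `sshPorts` description should also state that it reconfigures the system sshd rather than a git-only listener, for example `description = "Ports the system sshd listens on; applies to all SSH logins, not only git access";`, so an operator does not move their own administrative access by accident.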