iac/modules/sshd/variables.tf

180 lines
3.4 KiB
Terraform
Raw Normal View History

2024-06-04 09:25:59 +00:00
variable "base_config_dir" {
type = string
nullable = false
default = "/etc/ssh"
}
variable "use_socket_activation" {
type = bool
nullable = false
default = true
}
variable "listen_unix" {
type = bool
nullable = false
default = false
}
variable "address_family" {
type = string
nullable = false
default = "inet6"
validation {
condition = contains(["any", "inet", "inet6"], var.address_family)
error_message = "Invalid address family."
}
}
variable "listen_addresses" {
type = list(string)
nullable = false
default = []
validation {
condition = length(var.listen_addresses) == 0 || alltrue([
for listen_address in var.listen_addresses:
can(cidrnetmask("${listen_address}/32")) || can(cidrnetmask("${listen_address}/128"))
])
error_message = "Invalid address."
}
}
variable "listen_port" {
type = number
nullable = false
default = 22
validation {
condition = var.listen_port > 0 && var.listen_port < 65536
error_message = "Invalid port."
}
}
variable "ciphers_algos" {
type = list(string)
nullable = false
default = ["chacha20-poly1305@openssh.com"]
}
variable "macs_algos" {
type = list(string)
nullable = false
default = ["hmac-sha2-512-etm@openssh.com"]
}
variable "key_exchange_algos" {
type = list(string)
nullable = false
default = ["sntrup761x25519-sha512@openssh.com", "curve25519-sha256"]
}
variable "host_key_algorithms" {
type = list(string)
nullable = false
default = ["ssh-ed25519"]
}
variable "host_keys" {
type = list(string)
nullable = false
default = []
}
variable "pub_key_accepted_algorithms" {
type = list(string)
nullable = false
default = ["ssh-ed25519"]
}
variable "rekey_limit" {
type = object({
size = string
time = string
})
nullable = false
default = {
size = "1G"
time = "1H"
}
}
variable "allow_users" {
type = list(string)
nullable = false
default = []
}
variable "allow_groups" {
type = list(string)
nullable = false
default = []
}
variable "sftp_only" {
type = bool
nullable = false
default = true
}
variable "allow_tcp_forwarding" {
type = bool
nullable = false
default = false
}
variable "chrooted_users" {
type = list(object({
username = string
chroot = string
ssh_public_key = string
}))
nullable = false
default = []
}
variable "client_alive_count_max" {
type = number
nullable = false
default = 6
validation {
condition = var.client_alive_count_max > 0
error_message = "Invalid Client Alive Count Max."
}
}
variable "client_alive_interval" {
type = number
nullable = false
default = 10
validation {
condition = var.client_alive_interval > 0
error_message = "Invalid Client Alive Interval."
}
}
variable "max_auth_tries" {
type = number
nullable = false
default = 10
validation {
condition = var.max_auth_tries > 2
error_message = "Invalid or insufficient Max Auth Tries."
}
}
variable "max_sessions" {
type = number
nullable = false
default = 10
validation {
condition = var.max_sessions >= 0
error_message = "Invalid or insufficient Max Sessions."
}
}
variable "max_startup" {
type = string
nullable = false
default = "100:70:1000"
}