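# Directory that holds the sshd configuration and key material. It has to
# be an absolute path so that it resolves the same way regardless of the
# working directory of whatever consumes it.
variable "base_config_dir" {
  description = "Absolute path of the sshd configuration directory."
  type        = string
  default     = "/etc/ssh"
  nullable    = false

  validation {
    # Rejects the empty string and relative paths; a trailing "/" is left
    # to the caller's taste.
    condition     = can(regex("^/", var.base_config_dir))
    error_message = "base_config_dir must be an absolute path (start with \"/\")."
  }
}
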
# Toggle for socket activation. How the flag is wired into the service
# definition is decided by the consuming module.
variable "use_socket_activation" {
  description = "Start sshd through socket activation instead of as a permanently running listener."
  type        = bool
  default     = true
  nullable    = false
}

# Toggle for a UNIX-socket listener (name-based; the exact effect is
# defined where the variable is consumed). Off by default.
variable "listen_unix" {
  description = "Also listen on a UNIX socket."
  type        = bool
  default     = false
  nullable    = false
}

# Address family selector, limited to the three values the sshd
# AddressFamily keyword understands. IPv6-only by default.
variable "address_family" {
  description = "Address family sshd listens on: \"any\", \"inet\" (IPv4 only) or \"inet6\" (IPv6 only)."
  type        = string
  default     = "inet6"
  nullable    = false

  validation {
    condition     = var.address_family == "any" || var.address_family == "inet" || var.address_family == "inet6"
    error_message = "Invalid address family."
  }
}

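# Explicit listen addresses. An empty list specifies no explicit address
# at all; what that means for the generated configuration is decided by
# the consuming module.
variable "listen_addresses" {
  description = "Bare IPv4 or IPv6 addresses to bind (no port, no brackets). Empty means no explicit address."
  type        = list(string)
  default     = []
  nullable    = false

  validation {
    # cidrhost() parses both IPv4 and IPv6 prefixes, whereas cidrnetmask()
    # fails on every IPv6 prefix ("IPv6 addresses cannot have a netmask"),
    # which made IPv6 listen addresses unusable even though address_family
    # defaults to "inet6". Appending the maximum prefix length turns a bare
    # address into a CIDR; host index 0 is always in range. alltrue([]) is
    # true, so an empty list passes without a separate length check.
    condition = alltrue([
      for listen_address in var.listen_addresses :
      can(cidrhost("${listen_address}/32", 0)) || can(cidrhost("${listen_address}/128", 0))
    ])
    error_message = "Invalid address: each entry must be a bare IPv4 or IPv6 address."
  }
}
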
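# TCP port for the sshd listener.
variable "listen_port" {
  description = "TCP port sshd listens on (integer, 1-65535)."
  type        = number
  default     = 22
  nullable    = false

  validation {
    # "number" also admits fractions such as 22.5; a port must be a whole
    # number inside the 16-bit range.
    condition     = var.listen_port == floor(var.listen_port) && var.listen_port > 0 && var.listen_port < 65536
    error_message = "Invalid port."
  }
}
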
# Symmetric cipher names. The default pins a single AEAD cipher.
variable "ciphers_algos" {
  description = "Cipher algorithm names offered by sshd."
  type        = list(string)
  default     = ["chacha20-poly1305@openssh.com"]
  nullable    = false
}

# Message authentication code names. The default is a single
# encrypt-then-MAC construction.
variable "macs_algos" {
  description = "MAC algorithm names offered by sshd."
  type        = list(string)
  default     = ["hmac-sha2-512-etm@openssh.com"]
  nullable    = false
}

# Key exchange method names. The default lists the post-quantum hybrid
# first and a plain Curve25519 exchange as fallback.
variable "key_exchange_algos" {
  description = "Key exchange algorithm names offered by sshd."
  type        = list(string)
  default     = ["sntrup761x25519-sha512@openssh.com", "curve25519-sha256"]
  nullable    = false
}

# Host key signature algorithm names the server offers. Ed25519 only by
# default.
variable "host_key_algorithms" {
  description = "Host key algorithm names offered by sshd."
  type        = list(string)
  default     = ["ssh-ed25519"]
  nullable    = false
}

# Host key entries (going by the name, file paths handed to sshd). Empty
# by default, leaving the choice to the consuming module.
variable "host_keys" {
  description = "Host key files for sshd; empty means none are specified here."
  type        = list(string)
  default     = []
  nullable    = false
}

# Public key algorithm names accepted for user authentication. Ed25519
# only by default, so user keys of other types are not accepted unless
# this list is extended.
variable "pub_key_accepted_algorithms" {
  description = "Public key algorithm names accepted for user authentication."
  type        = list(string)
  default     = ["ssh-ed25519"]
  nullable    = false
}

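# Session key renegotiation thresholds: a data volume and a time span,
# in the formats accepted by the sshd RekeyLimit keyword.
variable "rekey_limit" {
  description = "Rekey thresholds: size is bytes with an optional K/M/G suffix (or \"default\"); time uses sshd time units (or \"none\")."
  type = object({
    size = string
    time = string
  })
  default = {
    size = "1G"
    time = "1H"
  }
  nullable = false

  validation {
    # Mirrors what sshd_config(5) accepts for RekeyLimit: size is "default"
    # or digits with an optional K/M/G suffix (either case); time is "none"
    # or one or more digits[s|m|h|d|w] groups, e.g. "1H" or "1h30m".
    condition = (
      can(regex("^(default|[0-9]+[KkMmGg]?)$", var.rekey_limit.size)) &&
      can(regex("^(none|([0-9]+[sSmMhHdDwW]?)+)$", var.rekey_limit.time))
    )
    error_message = "rekey_limit: size must be \"default\" or <n>[K|M|G]; time must be \"none\" or an sshd time value such as \"1H\"."
  }
}
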
# User allow-list. Empty by default; what an empty list means for the
# generated configuration is decided by the consuming module.
variable "allow_users" {
  description = "User names allowed to log in."
  type        = list(string)
  default     = []
  nullable    = false
}

# Group allow-list, the group counterpart of allow_users. Empty by default.
variable "allow_groups" {
  description = "Group names whose members are allowed to log in."
  type        = list(string)
  default     = []
  nullable    = false
}

# Restrict the server to SFTP (name-based; the exact directives it drives
# are defined where the variable is consumed). Enabled by default.
variable "sftp_only" {
  description = "Limit the server to SFTP access."
  type        = bool
  default     = true
  nullable    = false
}

# TCP forwarding toggle. Disabled by default, which matches the SFTP-only
# posture of the other defaults.
variable "allow_tcp_forwarding" {
  description = "Permit TCP port forwarding over SSH sessions."
  type        = bool
  default     = false
  nullable    = false
}

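# Chroot-confined accounts: each entry names a user, the directory they are
# confined to and (presumably) the public key they authenticate with.
variable "chrooted_users" {
  description = "Users confined to a chroot. chroot must be an absolute path; usernames must be unique and contain no whitespace; ssh_public_key must not be blank."
  type = list(object({
    username       = string
    chroot         = string
    ssh_public_key = string
  }))
  default  = []
  nullable = false

  validation {
    # A username containing whitespace cannot survive interpolation into a
    # single configuration line, sshd's ChrootDirectory expects a full
    # pathname, and duplicate names would yield conflicting per-user
    # settings. alltrue([]) is true, so an empty list passes.
    condition = alltrue([
      for u in var.chrooted_users :
      can(regex("^\\S+$", u.username)) && can(regex("^/", u.chroot)) && length(trimspace(u.ssh_public_key)) > 0
    ]) && length(distinct(var.chrooted_users[*].username)) == length(var.chrooted_users)
    error_message = "chrooted_users: usernames must be unique and non-blank, chroot must be an absolute path and ssh_public_key must not be empty."
  }
}
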
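# Number of unanswered keep-alive probes after which sshd drops the
# connection (ClientAliveCountMax).
variable "client_alive_count_max" {
  description = "Unanswered client-alive probes tolerated before disconnecting (positive integer)."
  type        = number
  default     = 6
  nullable    = false

  validation {
    # "number" admits fractions; sshd needs a whole, positive count.
    condition     = var.client_alive_count_max == floor(var.client_alive_count_max) && var.client_alive_count_max > 0
    error_message = "Invalid Client Alive Count Max."
  }
}
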
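# Seconds of inactivity between keep-alive probes (ClientAliveInterval).
# Together with client_alive_count_max this bounds how long a dead
# session lingers: interval * count seconds.
variable "client_alive_interval" {
  description = "Seconds between client-alive probes (positive integer)."
  type        = number
  default     = 10
  nullable    = false

  validation {
    # "number" admits fractions; the interval is whole seconds.
    condition     = var.client_alive_interval == floor(var.client_alive_interval) && var.client_alive_interval > 0
    error_message = "Invalid Client Alive Interval."
  }
}
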
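# Authentication attempts permitted per connection (MaxAuthTries). Note
# that OpenSSH's own built-in default is 6; the module default of 10 is
# more permissive, so callers who want to limit guessing per connection
# should pass a lower value. The validation floor of 3 is kept as is.
variable "max_auth_tries" {
  description = "Authentication attempts allowed per connection (integer, at least 3; OpenSSH's built-in default is 6)."
  type        = number
  default     = 10
  nullable    = false

  validation {
    # "number" admits fractions; sshd needs a whole count.
    condition     = var.max_auth_tries == floor(var.max_auth_tries) && var.max_auth_tries > 2
    error_message = "Invalid or insufficient Max Auth Tries."
  }
}
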
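# Maximum open sessions per network connection (MaxSessions). Per
# sshd_config(5), 0 prevents shell, login and subsystem sessions while
# still permitting forwarding, which is why 0 is deliberately allowed.
variable "max_sessions" {
  description = "Maximum sessions per connection (non-negative integer; 0 disables sessions but not forwarding)."
  type        = number
  default     = 10
  nullable    = false

  validation {
    # "number" admits fractions; sshd needs a whole count.
    condition     = var.max_sessions == floor(var.max_sessions) && var.max_sessions >= 0
    error_message = "Invalid or insufficient Max Sessions."
  }
}
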
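# Limit on concurrent unauthenticated connections (MaxStartups): either a
# single number or the "start:rate:full" random-early-drop form.
variable "max_startup" {
  description = "MaxStartups value: \"<n>\" or \"<start>:<rate>:<full>\" with numeric fields."
  type        = string
  default     = "100:70:1000"
  nullable    = false

  validation {
    # Previously unvalidated; a malformed value would only surface when
    # sshd refuses to start, which is a worse place to find out than plan time.
    condition     = can(regex("^[0-9]+(:[0-9]+:[0-9]+)?$", var.max_startup))
    error_message = "max_startup must be <n> or <start>:<rate>:<full> with numeric fields."
  }
}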