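# Input variables for an OpenSSH server (sshd) configuration module.
#
# Only the declarations are visible here. The sshd_config directive named in
# each comment is inferred from the variable name, so confirm it against the
# template or resource that consumes the variable.

# Directory holding the sshd configuration files.
variable "base_config_dir" {
  type     = string
  nullable = false
  default  = "/etc/ssh"
}

# Presumably selects socket-activated startup instead of a long-running daemon.
# NOTE(review): confirm against the unit files this module renders.
variable "use_socket_activation" {
  type     = bool
  nullable = false
  default  = true
}

# Presumably enables listening on a Unix domain socket.
# NOTE(review): if it does, the socket path's ownership and mode become the
# access control for reaching sshd; confirm where they are set.
variable "listen_unix" {
  type     = bool
  nullable = false
  default  = false
}

# Presumably rendered as AddressFamily.
# The default "inet6" is not cross-checked against listen_addresses, so an
# IPv4 entry there can disagree with it.
variable "address_family" {
  type     = string
  nullable = false
  default  = "inet6"

  validation {
    condition     = contains(["any", "inet", "inet6"], var.address_family)
    error_message = "Invalid address family."
  }
}

# IP literals to bind to (presumably ListenAddress). Empty means no explicit
# bind address is requested by this variable.
variable "listen_addresses" {
  type     = list(string)
  nullable = false
  default  = []

  validation {
    # cidrhost() parses both IPv4 and IPv6 prefixes. cidrnetmask() is
    # IPv4-only and errors on an IPv6 prefix in current Terraform releases, so
    # a check built on it rejects IPv6 literals even though address_family
    # defaults to "inet6". alltrue([]) is true, so the empty list still passes.
    condition = alltrue([
      for listen_address in var.listen_addresses :
      can(cidrhost("${listen_address}/32", 0)) || can(cidrhost("${listen_address}/128", 0))
    ])
    error_message = "Invalid address."
  }
}

# TCP port to listen on (presumably Port).
variable "listen_port" {
  type     = number
  nullable = false
  default  = 22

  validation {
    # "number" also admits fractions; a port must be a whole number in 1..65535.
    condition     = var.listen_port > 0 && var.listen_port < 65536 && floor(var.listen_port) == var.listen_port
    error_message = "Invalid port."
  }
}

# Symmetric ciphers offered (presumably Ciphers). The default is a single AEAD
# cipher; clients that do not support it will fail to negotiate.
variable "ciphers_algos" {
  type     = list(string)
  nullable = false
  default  = ["chacha20-poly1305@openssh.com"]
}

# MAC algorithms offered (presumably MACs). The default is encrypt-then-MAC only.
variable "macs_algos" {
  type     = list(string)
  nullable = false
  default  = ["hmac-sha2-512-etm@openssh.com"]
}

# Key-exchange algorithms offered (presumably KexAlgorithms). The first entry
# is a hybrid post-quantum exchange that needs a recent OpenSSH on both ends;
# curve25519-sha256 is the classical fallback.
variable "key_exchange_algos" {
  type     = list(string)
  nullable = false
  default  = ["sntrup761x25519-sha512@openssh.com", "curve25519-sha256"]
}

# Host key signature algorithms offered (presumably HostKeyAlgorithms).
variable "host_key_algorithms" {
  type     = list(string)
  nullable = false
  default  = ["ssh-ed25519"]
}

# Host keys to use.
# NOTE(review): not visible here whether entries are file paths or key
# material. If they are private key material, they will be stored in Terraform
# state, and the variable should be marked sensitive.
variable "host_keys" {
  type     = list(string)
  nullable = false
  default  = []
}

# Public-key algorithms accepted for user authentication (presumably
# PubkeyAcceptedAlgorithms). The default admits Ed25519 user keys only.
variable "pub_key_accepted_algorithms" {
  type     = list(string)
  nullable = false
  default  = ["ssh-ed25519"]
}

# Session rekeying thresholds (presumably RekeyLimit "<size> <time>").
# Neither string is validated here.
variable "rekey_limit" {
  type = object({
    size = string
    time = string
  })
  nullable = false
  default = {
    size = "1G"
    time = "1H"
  }
}

# Login allow-list by user name (presumably AllowUsers).
# NOTE(review): confirm how an empty list is rendered. If the directive is
# simply omitted, sshd applies no per-user allow-list.
variable "allow_users" {
  type     = list(string)
  nullable = false
  default  = []
}

# Login allow-list by group name (presumably AllowGroups). The empty-list
# caveat on allow_users applies here too.
variable "allow_groups" {
  type     = list(string)
  nullable = false
  default  = []
}

# Presumably restricts sessions to SFTP, with no interactive shell.
variable "sftp_only" {
  type     = bool
  nullable = false
  default  = true
}

# Presumably rendered as AllowTcpForwarding. Off by default, so an account
# cannot use the server as a TCP relay.
variable "allow_tcp_forwarding" {
  type     = bool
  nullable = false
  default  = false
}

# Accounts confined to a chroot, each with its authorized public key.
# NOTE(review): sshd refuses a ChrootDirectory whose path components are not
# root-owned or are writable by group or others. Confirm the module creates
# the directories with that ownership. No field is validated here.
variable "chrooted_users" {
  type = list(object({
    username       = string
    chroot         = string
    ssh_public_key = string
  }))
  nullable = false
  default  = []
}

# Presumably rendered as ClientAliveCountMax: unanswered keepalives tolerated
# before the session is dropped.
variable "client_alive_count_max" {
  type     = number
  nullable = false
  default  = 6

  validation {
    # Must be a whole number greater than zero.
    condition     = var.client_alive_count_max > 0 && floor(var.client_alive_count_max) == var.client_alive_count_max
    error_message = "Invalid Client Alive Count Max."
  }
}

# Presumably rendered as ClientAliveInterval (seconds between keepalives).
# With the defaults, an unresponsive client is dropped after roughly
# 10 s x 6 = 60 s.
variable "client_alive_interval" {
  type     = number
  nullable = false
  default  = 10

  validation {
    # Must be a whole number greater than zero.
    condition     = var.client_alive_interval > 0 && floor(var.client_alive_interval) == var.client_alive_interval
    error_message = "Invalid Client Alive Interval."
  }
}

# Presumably rendered as MaxAuthTries: authentication attempts per connection.
# NOTE(review): the default of 10 is more permissive than OpenSSH's built-in 6.
# A lower value reduces the guesses each connection gets; the validation
# floor is 3.
variable "max_auth_tries" {
  type     = number
  nullable = false
  default  = 10

  validation {
    condition     = var.max_auth_tries > 2 && floor(var.max_auth_tries) == var.max_auth_tries
    error_message = "Invalid or insufficient Max Auth Tries."
  }
}

# Presumably rendered as MaxSessions: sessions per network connection.
# 0 is accepted, but in sshd it disables shell, login and subsystem sessions,
# which would include SFTP.
variable "max_sessions" {
  type     = number
  nullable = false
  default  = 10

  validation {
    condition     = var.max_sessions >= 0 && floor(var.max_sessions) == var.max_sessions
    error_message = "Invalid or insufficient Max Sessions."
  }
}

# Presumably rendered as MaxStartups ("start:rate:full"), which limits
# concurrent unauthenticated connections.
# NOTE(review): the string is not validated, and the default is far more
# permissive than OpenSSH's built-in 10:30:100. Confirm this is intended for
# the expected connection volume.
variable "max_startup" {
  type     = string
  nullable = false
  default  = "100:70:1000"
}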