From 42cdc5b5084cc6126d5b961ac9ae23b17dd2d09b Mon Sep 17 00:00:00 2001
From: Ingolf Wagner <contact@ingolf-wagner.de>
Date: Tue, 25 Feb 2025 02:16:44 +0700
Subject: [PATCH] :wrench: enable mosh ports by default

---
 components/network/sshd/default.nix | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/components/network/sshd/default.nix b/components/network/sshd/default.nix
index 2b80a1d..1743f4f 100644
--- a/components/network/sshd/default.nix
+++ b/components/network/sshd/default.nix
@@ -36,6 +36,13 @@ in
         make sure ssh is only available trough the tinc
       '';
     };
+    allowMosh = mkOption {
+      type = bool;
+      default = true;
+      description = ''
+        make mosh port available
+      '';
+    };
   };
 
   config = mkMerge [
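Review bot: `default = true` on the new `allowMosh` option means every host that already enables this sshd component gets 1001 extra UDP ports opened on its next rebuild, with no opt-in. Since this is a firewall exposure, I would ship it as `default = false;` and let the hosts that use mosh turn it on. The description should also state what the option actually does, e.g. `open UDP ports 60000-61000 in the firewall for mosh`, and whether that applies to all interfaces. The options block starts above this hunk, so other defaults in it are not visible here.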
@@ -69,6 +76,16 @@ in
         iptables --table nat --append PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp --dport 22 --jump REDIRECT --to-ports 0
       '';
     })
+
+    (mkIf (cfg.allowMosh && cfg.enable) {
+      networking.firewall.allowedUDPPortRanges = [
+        {
+          from = 60000;
+          to = 61000;
+        }
+      ];
+    })
+
   ];
 
 }
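Review bot: The new `mkIf (cfg.allowMosh && cfg.enable)` block opens UDP 60000-61000 through the global `networking.firewall.allowedUDPPortRanges`, so the range is reachable on every interface, even when the tinc-only rule just above redirects port 22 for everything except `tinc.+`. Mosh needs SSH to set up a session, so in that mode the public UDP range gives no benefit and only widens the exposed surface. I would either exclude the tinc-only case from the condition or scope the range per interface with `networking.firewall.interfaces.<tinc interface>.allowedUDPPortRanges`; the tinc option and interface names are outside this hunk, so they need to be filled in from the file. A short comment such as `# mosh-server picks a UDP port from 60000-61000 per session` above the range would explain the numbers. If only a few concurrent sessions are expected, a narrower range is enough.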