From 8deb2cb47da533f2874ba14ce4d05782c5c4812d Mon Sep 17 00:00:00 2001
From: Brian Zalewski
Date: Wed, 1 Feb 2023 21:30:51 +0000
Subject: [PATCH] Update 2 files
- /home/.chezmoidata.yaml
- /home/private_dot_ssh/system/run_onchange_after_sshd.tmpl
---
 home/.chezmoidata.yaml | 1 +
 home/private_dot_ssh/system/run_onchange_after_sshd.tmpl | 7 +++++++
 2 files changed, 8 insertions(+)
diff --git a/home/.chezmoidata.yaml b/home/.chezmoidata.yaml
index 248d5314..84d0b68e 100644
--- a/home/.chezmoidata.yaml
+++ b/home/.chezmoidata.yaml
@@ -812,6 +812,7 @@ softwareGroups:
 - *Essentials
 - endlessh
 - fail2ban
+ - openssh-server
 _Basic-Desktop: &_Basic-Desktop
 - *_Basic
 - *Essentials-Desktop
diff --git a/home/private_dot_ssh/system/run_onchange_after_sshd.tmpl b/home/private_dot_ssh/system/run_onchange_after_sshd.tmpl
index a9cee4ba..617cb22f 100644
--- a/home/private_dot_ssh/system/run_onchange_after_sshd.tmpl
+++ b/home/private_dot_ssh/system/run_onchange_after_sshd.tmpl
@@ -16,6 +16,13 @@ if [[ ! "$(grep Microsoft /proc/version)" ]]; then
 logg info 'Copying ~/.ssh/system/sshd_config to /etc/ssh/sshd_config'
 sudo cp -f "$HOME/.ssh/system/sshd_config" /etc/ssh/sshd_config
+ if command -v semanage > /dev/null; then
+ logg info 'Apply SELinux configuration addressing custom SSH port'
+ sudo semanage port -a -t ssh_port_t -p tcp {{ .host.ssh.port }}
+ logg info 'Allow NIS SSHD'
+ sudo setsebool -P nis_enabled 1
+ fi
+
 ### Restart SSH server
 if [ -d /Applications ] && [ -d /System ]; then
 # macOS
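Review bot: `sudo setsebool -P nis_enabled 1` in the added SELinux block persistently relaxes policy for more than sshd, since, as I understand that boolean, it lets many confined services use arbitrary unreserved ports. Once the preceding `semanage` line labels the custom port `ssh_port_t` it should not be needed, so I would drop it or add a comment recording the specific AVC denial that requires it. Separately, `semanage port -a` returns an error when the port already has a label (on a later run of this run_onchange script, or when the configured port is 22), so consider `sudo semanage port -a -t ssh_port_t -p tcp {{ .host.ssh.port }} || sudo semanage port -m -t ssh_port_t -p tcp {{ .host.ssh.port }}`. Whether a failure here stops the script before the restart step depends on shell options set outside this hunk, and the enclosing `if [[ ! ... ]]` block also starts and ends outside it.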