pub-solar/infra
6
1
Fork 3
Code Issues 16 Pull requests 7 Actions Packages Projects 1 Releases Wiki Activity

Merge pull request 'security/close-ssh' (#128) from security/close-ssh into main

Browse source 
Reviewed-on: #128
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
This commit is contained in:
b12f 2024-04-05 12:51:04 +00:00
parent f7eaef0d18 b1519c8f22
commit 2851273d18
Signed by: pub.solar gitea
GPG key ID: F0332B04B7054873
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
modules/networking.nix
View file

@ -1,6 +1,10 @@
{ pkgs, ... }: {
{ pkgs, lib, ... }: {
# Don't expose SSH via public interfaces
networking.firewall.interfaces.wg-ssh.allowedTCPPorts = [ 22 ];
services.openssh = {
enable = true;
openFirewall = lib.mkDefault false;
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;