pub-solar/infra
6
1
Fork 3
Code Issues 16 Pull requests 6 Actions Packages Projects 1 Releases Wiki Activity

ssh: only allow ssh on wireguard interface
Some checks failed
Flake checks / Check (pull_request) Failing after 3m16s
Details

Browse source
This commit is contained in:
Benjamin Yule Bädorf 2024-04-05 13:05:45 +02:00
parent 861535b573
commit a3c5c384d5
Signed by: b12f
GPG key ID: 729956E1124F8F26
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
modules/networking.nix
View file

@ -1,6 +1,10 @@
{ pkgs, ... }: {
# Don't expose SSH via public interfaces
networking.firewall.interfaces.wg-ssh.allowedTCPPorts = [ 22 ];
services.openssh = {
enable = true;
openFirewall = lib.mkDefault false;
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;