From b44ad8b552e1e8479347b9e96c7c9b9c0bd508c6 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 29 May 2024 10:30:33 +0200 Subject: [PATCH] metronom: use wireguard IP for SSH, lock down SSH port access to wireguard only --- flake.nix | 2 +- hosts/metronom/wireguard.nix | 20 ++++++++++---------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/flake.nix b/flake.nix index a9e1e6d..d96ccf7 100644 --- a/flake.nix +++ b/flake.nix @@ -127,7 +127,7 @@ sshUser = username; }; metronom = { - hostname = "49.13.236.167"; + hostname = "10.7.6.3"; sshUser = username; }; tankstelle = { diff --git a/hosts/metronom/wireguard.nix b/hosts/metronom/wireguard.nix index ff736a0..0eef697 100644 --- a/hosts/metronom/wireguard.nix +++ b/hosts/metronom/wireguard.nix @@ -41,14 +41,14 @@ }; }; - #services.openssh.listenAddresses = [ - # { - # addr = "10.7.6.3"; - # port = 22; - # } - # { - # addr = "[fd00:fae:fae:fae:fae:3::]"; - # port = 22; - # } - #]; + services.openssh.listenAddresses = [ + { + addr = "10.7.6.3"; + port = 22; + } + { + addr = "[fd00:fae:fae:fae:fae:3::]"; + port = 22; + } + ]; }