Compare commits


2 commits

Author SHA1 Message Date
b12f 2851273d18
Merge pull request 'security/close-ssh' (#128) from security/close-ssh into main
Reviewed-on: #128
Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar>
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-05 12:51:04 +00:00
Benjamin Yule Bädorf b1519c8f22
ssh: only allow ssh on wireguard interface
All checks were successful
Flake checks / Check (pull_request) Successful in 8m16s
2024-04-05 14:28:18 +02:00


@ -1,6 +1,10 @@
{ pkgs, ... }: {
{ pkgs, lib, ... }: {
# Don't expose SSH via public interfaces
networking.firewall.interfaces.wg-ssh.allowedTCPPorts = [ 22 ];
services.openssh = {
enable = true;
openFirewall = lib.mkDefault false;
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
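
Review bot: `openFirewall = lib.mkDefault false;` in the `services.openssh` block only sets the value at default priority, so any other module that assigns `services.openssh.openFirewall = true` in the ordinary way takes precedence and reopens port 22 on every interface, silently undoing the "Don't expose SSH via public interfaces" intent stated in the comment. If no host is meant to override this, use a plain `false` (a conflicting `true` then fails evaluation instead of winning quietly) or `lib.mkForce false`; if the override is deliberate, say so in the comment. Separately, the `networking.firewall.interfaces.wg-ssh.allowedTCPPorts` line depends on an interface named exactly `wg-ssh` existing on every host that imports this module. With the general firewall opening disabled, a host without that interface has no SSH access at all, which is worth documenting next to the rule.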