Merge pull request 'security/close-ssh' (#128 ) from security/close-ssh into main

Reviewed-on: #128 Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar> Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
ssh: only allow ssh on wireguard interface
2024-04-05 12:51:04 +00:00 · 2024-04-05 14:28:18 +02:00
1 changed files with 5 additions and 1 deletions
--- a/modules/networking.nix
+++ b/modules/networking.nix
@ -1,6 +1,10 @@
-{ pkgs, ... }: {
+{ pkgs, lib, ... }: {
  # Don't expose SSH via public interfaces
  networking.firewall.interfaces.wg-ssh.allowedTCPPorts = [ 22 ];
  services.openssh = {
    enable = true;
    openFirewall = lib.mkDefault false;
    settings = {
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
Author	SHA1	Message	Date
b12f	2851273d18	Merge pull request 'security/close-ssh' (#128 ) from security/close-ssh into main Reviewed-on: #128 Reviewed-by: teutat3s <teutat3s@noreply.git.pub.solar> Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>	2024-04-05 12:51:04 +00:00
Benjamin Yule Bädorf	b1519c8f22	ssh: only allow ssh on wireguard interface All checks were successful Flake checks / Check (pull_request) Successful in 8m16s Details	2024-04-05 14:28:18 +02:00