author | Mark Nipper <nipsy@bitgnome.net> | 2024-07-16 09:01:17 -0700 |
---|---|---|
committer | Mark Nipper <nipsy@bitgnome.net> | 2024-07-16 09:01:17 -0700 |
commit | 04a5481eae0379165dcfc4b6ca70ef66d1d33d62 (patch) | |
tree | 55960aa30bf75dc396a0ba16e591a8179002c13e | |
parent | d71d2bd7112b4085d67c3ca775b7b38185fd4be2 (diff) | |
Close SSH through firewall by default
-rw-r--r-- | hosts/arrakis/default.nix | 6 | ||||
-rw-r--r-- | hosts/common/optional/services/openssh.nix | 1 | ||||
-rw-r--r-- | hosts/darkstar/default.nix | 2 | ||||
-rw-r--r-- | hosts/ginaz/default.nix | 6 |
4 files changed, 12 insertions, 3 deletions
diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix
index e1cd540..e8b32d2 100644
--- a/hosts/arrakis/default.nix
+++ b/hosts/arrakis/default.nix
@@ -41,7 +41,11 @@
 nftables.enable = true;
 };
- services.openssh.settings.X11Forwarding = true;
+ services.openssh = {
+ openFirewall = true;
+ settings.X11Forwarding = true;
+ };
+
 services.xserver.videoDrivers = [ "nvidia" ];
 #sops = {
diff --git a/hosts/common/optional/services/openssh.nix b/hosts/common/optional/services/openssh.nix
index 33cdbac..424d3bf 100644
--- a/hosts/common/optional/services/openssh.nix
+++ b/hosts/common/optional/services/openssh.nix
@@ -1,7 +1,6 @@
 {
 services.openssh = {
 enable = true;
- openFirewall = true;
 settings = {
 KbdInteractiveAuthentication = false;
 PasswordAuthentication = false;
diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index b9b4e39..0e4541d 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -79,6 +79,8 @@
 #};
 };
+ services.openssh.openFirewall = true;
+
 sops = {
 age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 defaultSopsFile = ../secrets/darkstar.yaml;
diff --git a/hosts/ginaz/default.nix b/hosts/ginaz/default.nix
index 3812f41..67fd037 100644
--- a/hosts/ginaz/default.nix
+++ b/hosts/ginaz/default.nix
@@ -43,7 +43,11 @@
 nftables.enable = true;
 };
- services.openssh.settings.X11Forwarding = true;
+ services.openssh = {
+ openFirewall = true;
+ settings.X11Forwarding = true;
+ };
+
 services.xserver.videoDrivers = [ "amdgpu" ];
 sops = { |
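Review bot: `openFirewall = true;` in the new `services.openssh` block of hosts/arrakis/default.nix opens the sshd port on every interface, and nothing in the hunk restricts the source or interface; the same applies to the lines added in hosts/darkstar/default.nix and hosts/ginaz/default.nix. If these hosts only need SSH from a LAN or VPN interface, an interface-scoped rule such as `networking.firewall.interfaces."<iface>".allowedTCPPorts = [ 22 ];` (placeholder interface name, port assuming the default `services.openssh.ports`) keeps the exposure narrower than the blanket option. In either case a short comment above the setting, e.g. `# sshd must be reachable on this host: <reason>`, would record why the host is an exception to the closed default. The enclosing attribute set starts and ends outside the hunk.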
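Review bot: Dropping `openFirewall = true;` from hosts/common/optional/services/openssh.nix does not by itself close the port, because the nixpkgs `services.openssh.openFirewall` option defaults to `true`; hosts that import this module without setting the option would still have sshd reachable through the firewall. To get the behaviour the commit title describes, the common module should set the value explicitly at default priority, `openFirewall = lib.mkDefault false;`, so the per-host `openFirewall = true;` definitions override it without a conflicting-definition error. The file is a plain attribute set starting at `{`, so it would also need a `{ lib, ... }:` header to bring `lib` into scope. Checking the evaluated `networking.firewall.allowedTCPPorts` on a host that does not opt in would confirm the result.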