authorMark Nipper <nipsy@bitgnome.net>2024-07-16 09:01:17 -0700
committerMark Nipper <nipsy@bitgnome.net>2024-07-16 09:01:17 -0700
commit04a5481eae0379165dcfc4b6ca70ef66d1d33d62 (patch)
tree55960aa30bf75dc396a0ba16e591a8179002c13e
parentd71d2bd7112b4085d67c3ca775b7b38185fd4be2 (diff)
Close SSH through firewall by default
-rw-r--r--hosts/arrakis/default.nix6
-rw-r--r--hosts/common/optional/services/openssh.nix1
-rw-r--r--hosts/darkstar/default.nix2
-rw-r--r--hosts/ginaz/default.nix6
4 files changed, 12 insertions, 3 deletions
diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix
index e1cd540..e8b32d2 100644
--- a/hosts/arrakis/default.nix
+++ b/hosts/arrakis/default.nix
@@ -41,7 +41,11 @@
nftables.enable = true;
};
- services.openssh.settings.X11Forwarding = true;
+ services.openssh = {
+ openFirewall = true;
+ settings.X11Forwarding = true;
+ };
+
services.xserver.videoDrivers = [ "nvidia" ];
#sops = {
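Review bot: `openFirewall = true;` opens the sshd port on every interface of this host, and nothing in the hunk records why arrakis needs that exception while the shared default is being tightened; the same applies to the additions in hosts/darkstar/default.nix and hosts/ginaz/default.nix. A one-line comment above the option, for example `# SSH must stay reachable here for remote administration` (constructed wording), would keep the per-host exceptions auditable. If access is only needed from one network, `networking.firewall.interfaces.<name>.allowedTCPPorts` scopes the opening more tightly than the global switch. `settings.X11Forwarding = true;` is carried over unchanged on a host that is now explicitly exposed, so it is worth confirming that it is still required.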
diff --git a/hosts/common/optional/services/openssh.nix b/hosts/common/optional/services/openssh.nix
index 33cdbac..424d3bf 100644
--- a/hosts/common/optional/services/openssh.nix
+++ b/hosts/common/optional/services/openssh.nix
@@ -1,7 +1,6 @@
{
services.openssh = {
enable = true;
- openFirewall = true;
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
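Review bot: Removing `openFirewall = true;` from this shared module most likely does not close the port, because the upstream NixOS option `services.openssh.openFirewall` defaults to `true`; any host that imports this file without its own override would still have the sshd port opened in the firewall. To get the behaviour the commit title describes, set the value explicitly here, e.g. `openFirewall = lib.mkDefault false;`, so that the per-host `openFirewall = true;` lines still take precedence without a definition conflict. That needs `lib` in scope, so the file would start with `{ lib, ... }:`. The `settings` block continues outside the hunk.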
diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index b9b4e39..0e4541d 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -79,6 +79,8 @@
#};
};
+ services.openssh.openFirewall = true;
+
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = ../secrets/darkstar.yaml;
diff --git a/hosts/ginaz/default.nix b/hosts/ginaz/default.nix
index 3812f41..67fd037 100644
--- a/hosts/ginaz/default.nix
+++ b/hosts/ginaz/default.nix
@@ -43,7 +43,11 @@
nftables.enable = true;
};
- services.openssh.settings.X11Forwarding = true;
+ services.openssh = {
+ openFirewall = true;
+ settings.X11Forwarding = true;
+ };
+
services.xserver.videoDrivers = [ "amdgpu" ];
sops = {