authorMark Nipper <nipsy@bitgnome.net>2024-06-12 00:36:30 -0700
committerMark Nipper <nipsy@bitgnome.net>2024-06-12 00:36:30 -0700
commit160a113cd3fcc57c8db3a1be20ca1e4b4bdaf0ba (patch)
treea4c386f30466473f217f6f594e59009827ebac39 /hosts/darkstar
parent451af497c6188228e15b5b33ac25295c31f6b1de (diff)
Add custom SSH firewall rules
Diffstat (limited to '')
-rw-r--r--hosts/darkstar/default.nix5
1 files changed, 5 insertions, 0 deletions
diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index 9ed7b76..5ae8ada 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -42,6 +42,9 @@
hostName = "darkstar";
defaultGateway = "192.168.1.1";
domain = "bitgnome.net";
+ firewall.extraCommands = ''
+ ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
+ '';
interfaces = {
enp116s0 = {
ipv4.addresses = [
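Review bot: `firewall.extraCommands` may not take effect on this host, because the second hunk's context shows `nftables.enable = true` in the same file; as far as I know the NixOS firewall only runs extraCommands from its iptables-based script and the nftables-backed firewall asserts that the option is empty, so it is worth confirming with `nft list ruleset` after a switch that the rules are actually loaded. The rules themselves live in the sops secret `nftables/ssh`, so they cannot be reviewed from the repository and are only read at run time; if the file is missing or fails to parse, the SSH rules are simply absent, and whether that fails open or closed depends on the base ruleset's default policy. I would add a comment above the option such as `# SSH rules are loaded at run time from the sops secret "nftables/ssh"; the file must manage its own table (flush before add) so a reload does not duplicate rules`. The enclosing attribute set starts and ends outside the hunk.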
@@ -60,6 +63,7 @@
# internalInterfaces = [ "enp116s0" ];
#};
nftables.enable = true;
+ #useDHCP = false;
vlans = {
vlan201 = { id=201; interface="enp117s0"; };
};
@@ -82,6 +86,7 @@
secrets = {
"kea-dhcp4_conf" = {};
+ "nftables/ssh" = {};
};
};