author | Mark Nipper <nipsy@bitgnome.net> | 2024-06-12 00:36:30 -0700 |
---|---|---|
committer | Mark Nipper <nipsy@bitgnome.net> | 2024-06-12 00:36:30 -0700 |
commit | 160a113cd3fcc57c8db3a1be20ca1e4b4bdaf0ba (patch) | |
tree | a4c386f30466473f217f6f594e59009827ebac39 /hosts/darkstar | |
parent | 451af497c6188228e15b5b33ac25295c31f6b1de (diff) | |
Add custom SSH firewall rules
Diffstat (limited to 'hosts/darkstar')
-rw-r--r-- | hosts/darkstar/default.nix | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index 9ed7b76..5ae8ada 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -42,6 +42,9 @@
 hostName = "darkstar";
 defaultGateway = "192.168.1.1";
 domain = "bitgnome.net";
+ firewall.extraCommands = ''
+ ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
+ '';
 interfaces = {
 enp116s0 = {
 ipv4.addresses = [
@@ -60,6 +63,7 @@
 # internalInterfaces = [ "enp116s0" ];
 #};
 nftables.enable = true;
+ #useDHCP = false;
 vlans = {
 vlan201 = { id=201; interface="enp117s0"; };
 };
@@ -82,6 +86,7 @@
 secrets = {
 "kea-dhcp4_conf" = {};
+ "nftables/ssh" = {};
 };
 };
|
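Review bot: `firewall.extraCommands` is added in the first hunk while the same attribute set keeps `nftables.enable = true;` (visible in the second hunk). As far as I know the nftables-backed NixOS firewall does not execute `extraCommands` (it is a hook of the iptables backend, and I believe the module asserts that it is empty), so the SSH rules may never be loaded or the build may fail. Check `nft list ruleset` on the host after a switch to confirm the rules from the secret are actually present. Because the ruleset lives in a sops secret it cannot be reviewed here, so a comment such as `# SSH allow-list from sops secret nftables/ssh; the file must flush and redefine its own table so reloads are idempotent` above the option would record the intent. The enclosing attribute set starts and ends outside the hunk.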
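Review bot: The second hunk adds `#useDHCP = false;` as commented-out configuration with no explanation, so a later reader cannot tell whether DHCP client behaviour on this host is intentional or unfinished. Either set the option explicitly or replace the line with a short comment giving the reason it is left at its default, for example `# useDHCP left at default: <reason>`. The surrounding block continues outside the hunk.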
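Review bot: The new `"nftables/ssh" = {};` entry in the third hunk sets no `restartUnits`. Editing the encrypted rules and rebuilding will re-decrypt the file, but as far as I can tell nothing re-runs the `nft -f` from the first hunk until the firewall unit restarts for some other reason, so the live SSH rules can lag behind the secret. Consider `"nftables/ssh" = { restartUnits = [ "<firewall-unit>.service" ]; };`, naming whichever unit actually loads the rules on this host. Leaving owner and mode at the sops-nix defaults is appropriate, since only root needs to read the ruleset. The `secrets` set's enclosing block starts outside the hunk.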