From 160a113cd3fcc57c8db3a1be20ca1e4b4bdaf0ba Mon Sep 17 00:00:00 2001
From: Mark Nipper
Date: Wed, 12 Jun 2024 00:36:30 -0700
Subject: Add custom SSH firewall rules
---
 hosts/darkstar/default.nix | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'hosts/darkstar/default.nix')
diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index 9ed7b76..5ae8ada 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -42,6 +42,9 @@
 hostName = "darkstar";
 defaultGateway = "192.168.1.1";
 domain = "bitgnome.net";
+ firewall.extraCommands = ''
+ ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
+ '';
 interfaces = {
 enp116s0 = {
 ipv4.addresses = [
@@ -60,6 +63,7 @@
 # internalInterfaces = [ "enp116s0" ];
 #};
 nftables.enable = true;
+ #useDHCP = false;
 vlans = {
 vlan201 = { id=201; interface="enp117s0"; };
 };
@@ -82,6 +86,7 @@
 secrets = {
 "kea-dhcp4_conf" = {};
+ "nftables/ssh" = {};
 };
 };
--
cgit v1.2.3
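Review bot: `firewall.extraCommands` is added to the same attribute set that carries `nftables.enable = true` (visible as context in the second hunk), and as far as I know the nftables-based firewall backend in nixpkgs asserts that `extraCommands` is empty, so this either fails evaluation or, if the firewall is disabled elsewhere, never runs. Loading the secret through the nftables module instead, for example `nftables.ruleset = ''include "${config.sops.secrets."nftables/ssh".path}"'';`, keeps the SSH rules under the service that owns the ruleset; the build-time ruleset check may need relaxing because the secret exists only at runtime. Whichever hook is used, check with `nft list ruleset` after a firewall reload that the SSH rules are actually present, because a missing or unparsable secret should fail the unit loudly rather than leave SSH covered by the default rules alone. The enclosing block (presumably `networking`) starts and ends outside the hunk.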
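Review bot: `"nftables/ssh" = {};` declares the secret with defaults only, so nothing reloads the firewall when the encrypted rule file changes, and a corrected or tightened SSH rule set would stay inactive until some unrelated restart. sops-nix accepts `restartUnits` per secret, for example `"nftables/ssh" = { restartUnits = [ "nftables.service" ]; };`, naming whichever unit actually runs the `nft -f` call from the first hunk. A short comment such as `# nft rules restricting SSH; loaded by the firewall at start` would also tell a reader why firewall policy is kept as a secret and therefore cannot be reviewed in this repository. The block enclosing `secrets` begins and ends outside the hunk.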