From 04a5481eae0379165dcfc4b6ca70ef66d1d33d62 Mon Sep 17 00:00:00 2001
From: Mark Nipper <nipsy@bitgnome.net>
Date: Tue, 16 Jul 2024 09:01:17 -0700
Subject: Close SSH through firewall by default

---
 hosts/ginaz/default.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'hosts/ginaz')

diff --git a/hosts/ginaz/default.nix b/hosts/ginaz/default.nix
index 3812f41..67fd037 100644
--- a/hosts/ginaz/default.nix
+++ b/hosts/ginaz/default.nix
@@ -43,7 +43,11 @@
     nftables.enable = true;
   };
 
-  services.openssh.settings.X11Forwarding = true;
+  services.openssh = {
+    openFirewall = true;
+    settings.X11Forwarding = true;
+  };
+
   services.xserver.videoDrivers = [ "amdgpu" ];
 
   sops = {
-- 
cgit v1.2.3