motiejus/config

NixOS config
git clone https://git.jakstys.lt/motiejus/config.git

commit 0e48ec63f46f280982fe8226348bb6e8f693d5ef (tree)
parent 96a98405ad29609303fae8ef74349d30988b4a53
Author: Motiejus Jakštys <motiejus@jakstys.lt>
Date:   Tue, 27 Aug 2024 08:39:32 +0300

ssh8022: open global firewall by default

Diffstat:
Mhosts/fra1-b/configuration.nix | 1+
Mmodules/services/ssh8022/default.nix | 8++++++--
2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/hosts/fra1-b/configuration.nix b/hosts/fra1-b/configuration.nix
@@ -75,6 +75,7 @@ in
 ssh8022.server = {
 enable = true;
 keyfile = config.age.secrets.ssh8022-server.path;
+ openGlobalFirewall = false;
 };
 remote-builder.server = {
diff --git a/modules/services/ssh8022/default.nix b/modules/services/ssh8022/default.nix
@@ -14,6 +14,10 @@
 server = {
 enable = lib.mkEnableOption "Enable ssh8022 server";
 keyfile = lib.mkOption { type = str; };
+ openGlobalFirewall = lib.mkOption {
+ type = bool;
+ default = true;
+ };
 };
 };
@@ -35,7 +39,7 @@ in
 lib.mkIf cfg.enable {
- mj.services.friendlyport.ports = [
+ mj.services.friendlyport.ports = lib.mkIf (!cfg.openGlobalFirewall) [
 {
 subnets = [ myData.subnets.tailscale.cidr ];
 tcp = [ 22 ];
@@ -43,7 +47,7 @@
 ];
 services = {
- openssh.openFirewall = false;
+ openssh.openFirewall = cfg.openGlobalFirewall;
 spiped = {
 enable = true;
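Review bot: `openGlobalFirewall` is declared with `default = true`, so any host that enables `ssh8022.server` without setting it moves from the tailscale-only rule for TCP 22 (dropped by the `lib.mkIf (!cfg.openGlobalFirewall)` in the third hunk) to `openssh.openFirewall = true` (last hunk). Only `fra1-b` is pinned to `false` in this commit, so other hosts using the module, which are not visible here, would presumably have their sshd port opened to all source addresses on the next rebuild without any change in their own configuration. If that is intended, each such host should be reviewed for key-only authentication; otherwise keep the default at `false` and opt in per host. The option also has no `description`; I would add `description = "Open the sshd port to all source addresses instead of only the tailscale subnet.";` so the exposure is stated where the option is set. The enclosing options attrset starts outside the hunk.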