ssh8022: opn global firewall by default

Motiejus Jakštys 2024-08-27 08:39:32 +03:00
parent 96a98405ad
commit 0e48ec63f4
2 changed files with 7 additions and 2 deletions


@ -75,6 +75,7 @@ in
ssh8022.server = { ssh8022.server = {
enable = true; enable = true;
keyfile = config.age.secrets.ssh8022-server.path; keyfile = config.age.secrets.ssh8022-server.path;
openGlobalFirewall = false;
}; };
remote-builder.server = { remote-builder.server = {
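Review bot: The new `openGlobalFirewall = false;` line in this host's `ssh8022.server` block has no comment, although it is what keeps `openssh.openFirewall` off here and, judging by the `friendlyport` entry in the module, leaves port 22 reachable only from the tailscale subnet now that the option defaults to `true`. A comment above it would record that intent, for example `# keep sshd restricted to the tailscale subnet; the module default opens port 22 in the global firewall`. Hosts that enable `ssh8022.server` without setting the option will presumably have port 22 opened globally after this commit, so a fail-closed `default = false;` with explicit opt-in on the hosts that need it may be the safer shape. The enclosing attribute set starts and ends outside the hunk.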


@ -14,6 +14,10 @@
server = { server = {
enable = lib.mkEnableOption "Enable ssh8022 server"; enable = lib.mkEnableOption "Enable ssh8022 server";
keyfile = lib.mkOption { type = str; }; keyfile = lib.mkOption { type = str; };
openGlobalFirewall = lib.mkOption {
type = bool;
default = true;
};
}; };
}; };
@ -35,7 +39,7 @@
in in
lib.mkIf cfg.enable { lib.mkIf cfg.enable {
mj.services.friendlyport.ports = [ mj.services.friendlyport.ports = lib.mkIf (!cfg.openGlobalFirewall) [
{ {
subnets = [ myData.subnets.tailscale.cidr ]; subnets = [ myData.subnets.tailscale.cidr ];
tcp = [ 22 ]; tcp = [ 22 ];
@ -43,7 +47,7 @@
]; ];
services = { services = {
openssh.openFirewall = false; openssh.openFirewall = cfg.openGlobalFirewall;
spiped = { spiped = {
enable = true; enable = true;