motiejus/config
1
Fork 0
Code Packages Releases Activity

fra1-b: block global sshd

Browse Source
This commit is contained in:
Motiejus Jakštys
2024-08-27 08:36:02 +03:00
parent d91976dafc
commit 96a98405ad
2 changed files with 21 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
modules/services/ssh8022/default.nix
View File

@@ -34,14 +34,26 @@
cfg = config.mj.services.ssh8022.server;
in
lib.mkIf cfg.enable {
services.spiped = {
enable = true;
config = {
ssh8022 = {
inherit (cfg) keyfile;
decrypt = true;
source = "[0.0.0.0]:8022";
target = "127.0.0.1:22";
mj.services.friendlyport.ports = [
{
subnets = [ myData.subnets.tailscale.cidr ];
tcp = [ 22 ];
}
];
services = {
openssh.openFirewall = false;
spiped = {
enable = true;
config = {
ssh8022 = {
inherit (cfg) keyfile;
decrypt = true;
source = "[0.0.0.0]:8022";
target = "127.0.0.1:22";
};
};
};
};