26 lines
452 B
Nix
26 lines
452 B
Nix
{
|
|
config,
|
|
lib,
|
|
myData,
|
|
...
|
|
}: {
|
|
options.mj.base.sshguard = with lib.types; {
|
|
enable = lib.mkOption {
|
|
type = bool;
|
|
default = true;
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf config.mj.base.sshguard.enable {
|
|
services.sshguard = {
|
|
enable = true;
|
|
blocktime = 900;
|
|
whitelist = [
|
|
"192.168.0.0/16"
|
|
myData.tailscale_subnet.cidr
|
|
myData.hosts."vno1-oh2.servers.jakst".publicIP
|
|
];
|
|
};
|
|
};
|
|
}
|