SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-03-22 15:29:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

sshd: Make sure to only ever listen on overlay address

Browse source
This commit is contained in:
SebastianStork 2026-01-23 11:26:59 +01:00
parent a2827a95f2
commit 3a669dd8fd
Signed by: SebastianStork
SSH key fingerprint: SHA256:iEM011ogNMG1q8+U500adGu/9rpPuZ2KnFtbdLeqTiI
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
modules/system/services/sshd.nix
View file

@ -16,7 +16,7 @@ in
openssh = { openssh = {
enable = true; enable = true;
openFirewall = false; openFirewall = false;
ports = [ ]; ports = lib.mkForce [ ];
listenAddresses = lib.singleton { listenAddresses = lib.singleton {
addr = netCfg.overlay.address; addr = netCfg.overlay.address;
port = 22; port = 22;
@ -46,7 +46,7 @@ in
users.users.seb.openssh.authorizedKeys.keyFiles = users.users.seb.openssh.authorizedKeys.keyFiles =
self.nixosConfigurations self.nixosConfigurations
|> lib.attrValues |> lib.attrValues
|> lib.filter (host: host.config.custom.networking.hostName != netCfg.hostName) |> lib.filter (host: host.config.networking.hostName != netCfg.hostName)
|> lib.filter (host: host.config |> lib.hasAttr "home-manager") |> lib.filter (host: host.config |> lib.hasAttr "home-manager")
|> lib.map (host: host.config.home-manager.users.seb.custom.programs.ssh) |> lib.map (host: host.config.home-manager.users.seb.custom.programs.ssh)
|> lib.filter (ssh: ssh.enable) |> lib.filter (ssh: ssh.enable)