SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 17:31:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

nebula: Enable firewall and restrict ssh access by role

Browse source
This commit is contained in:
SebastianStork 2026-01-03 00:41:13 +01:00
parent 382dae6cbb
commit 61f5c54196
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
5 changed files with 69 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

25
modules/system/services/nebula/sshd.nix
View file

@ -16,14 +16,25 @@ in
config = lib.mkIf (cfg.enable && cfg.sshd.enable) {
meta.ports.tcp = [ cfg.sshd.port ];
services.openssh = {
enable = true;
openFirewall = false;
ports = [ ];
listenAddresses = lib.singleton {
addr = cfg.address;
inherit (cfg.sshd) port;
services = {
openssh = {
enable = true;
openFirewall = false;
ports = [ ];
listenAddresses = lib.singleton {
addr = cfg.address;
inherit (cfg.sshd) port;
};
};
nebula.networks.mesh.firewall.inbound =
config.custom.services.nebula.peers
|> lib.filter (node: node.isClient)
|> lib.map (nebula: {
port = "22";
proto = "tcp";
host = nebula.name;
});
};
systemd.services.sshd = {