Networking: add ssh and more firewall rules

blahai 2025-01-27 16:07:24 +02:00
parent 6fc5cef4cb
commit 2a57b163e6
3 changed files with 25 additions and 3 deletions


@ -1,5 +1,30 @@
{
pkgs,
lib,
...
}: let
inherit (lib.modules) mkForce;
in {
imports = [
./fail2ban.nix
];
config = {
networking.firewall = {
enable = true;
package = pkgs.iptables;
allowedTCPPorts = [
443
80
];
allowedUDPPorts = [];
# make a much smaller and easier to read log
logReversePathDrops = true;
logRefusedConnections = false;
checkReversePath = mkForce false;
};
};
}
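Review bot: `logReversePathDrops = true;` is dead configuration while `checkReversePath = mkForce false;` sits directly below it, because the NixOS firewall only generates the rpfilter log/drop rules when the reverse-path check is enabled, so nothing will ever be logged by that option. Either drop `logReversePathDrops` or, if the intent is to eventually re-enable the check, say so; in any case the forced-off reverse-path filter is the security-relevant decision here and deserves a why-comment, e.g. `# Reverse-path filtering is forced off (needed for ... — fill in); note logReversePathDrops only takes effect while checkReversePath is enabled.` The existing comment `# make a much smaller and easier to read log` reads as if it explains `logReversePathDrops` but actually describes `logRefusedConnections = false;`, so it should move down one line. Note also that `allowedTCPPorts` does not list 22; that is fine only because `services.openssh.openFirewall` defaults to true, which is worth a short comment next to the port list so a later reader does not assume SSH is blocked.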


@ -1,7 +1,6 @@
{...}: {
services.openssh = {
enable = true;
startWhenNeeded = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;