From 3379ffe5684a44f74273ebe261b836917da57a8c Mon Sep 17 00:00:00 2001 From: Peder Bergebakken Sundt Date: Sat, 22 Feb 2025 13:09:59 +0100 Subject: [PATCH] ts sshd --- hosts/nixos/bjarte/configuration.nix | 2 +- hosts/nixos/bolle/configuration.nix | 2 +- hosts/nixos/eple/configuration.nix | 2 +- hosts/nixos/garp/configuration.nix | 2 +- hosts/nixos/hasselknippe/configuration.nix | 2 +- hosts/nixos/nord/configuration.nix | 2 +- hosts/nixos/noximilien/configuration.nix | 2 +- hosts/nixos/sopp/configuration.nix | 2 +- profiles/{sshd.nix => sshd/default.nix} | 0 profiles/sshd/ts-only.nix | 6 ++++++ 10 files changed, 14 insertions(+), 8 deletions(-) rename profiles/{sshd.nix => sshd/default.nix} (100%) create mode 100644 profiles/sshd/ts-only.nix diff --git a/hosts/nixos/bjarte/configuration.nix b/hosts/nixos/bjarte/configuration.nix index 3a56ee5..ace8b44 100644 --- a/hosts/nixos/bjarte/configuration.nix +++ b/hosts/nixos/bjarte/configuration.nix @@ -21,7 +21,7 @@ imports = [ ./hardware-configuration.nix - ../../../profiles/sshd.nix + ../../../profiles/sshd/ts-only.nix #../../../profiles/no-suspend.nix ../../../profiles/oci/podman.nix #../../../profiles/oci/docker.nix diff --git a/hosts/nixos/bolle/configuration.nix b/hosts/nixos/bolle/configuration.nix index f3caf23..eb9675d 100644 --- a/hosts/nixos/bolle/configuration.nix +++ b/hosts/nixos/bolle/configuration.nix @@ -11,7 +11,7 @@ imports = [ ./hardware-configuration.nix - ../../../profiles/sshd.nix + ../../../profiles/sshd ../../../profiles/nix-cgroups.nix ../../../users/pbsds diff --git a/hosts/nixos/eple/configuration.nix b/hosts/nixos/eple/configuration.nix index 2def1af..df0351f 100644 --- a/hosts/nixos/eple/configuration.nix +++ b/hosts/nixos/eple/configuration.nix @@ -13,7 +13,7 @@ imports = [ ./hardware-configuration.nix - ../../../profiles/sshd.nix + ../../../profiles/sshd ../../../profiles/nix-cgroups.nix ../../../users/pbsds 
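Review bot: Nothing in the bjarte hunk shows Tailscale being enabled on this host, yet the new import `../../../profiles/sshd/ts-only.nix` makes SSH reachable only through `tailscale0`. If that interface is down or missing, bjarte has no remote SSH path left, so the dependency deserves a comment on the import line, e.g. `../../../profiles/sshd/ts-only.nix # SSH only via tailscale0; needs services.tailscale on this host`. The imports list continues outside the hunk, so a Tailscale profile may already be imported further down.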
diff --git a/hosts/nixos/garp/configuration.nix b/hosts/nixos/garp/configuration.nix index 06c7e7e..ead2080 100644 --- a/hosts/nixos/garp/configuration.nix +++ b/hosts/nixos/garp/configuration.nix @@ -22,7 +22,7 @@ imports = [ ./hardware-configuration.nix - ../../../profiles/sshd.nix + ../../../profiles/sshd ../../../profiles/nix-cgroups.nix #../../../profiles/no-suspend.nix #../../../profiles/oci/podman.nix diff --git a/hosts/nixos/hasselknippe/configuration.nix b/hosts/nixos/hasselknippe/configuration.nix index a3aa100..d289881 100644 --- a/hosts/nixos/hasselknippe/configuration.nix +++ b/hosts/nixos/hasselknippe/configuration.nix @@ -14,7 +14,7 @@ #./hardware-configuration.nix ../../../profiles/auto-upgrade.nix ../../../profiles/upgrade-diff.nix - #../../../profiles/sshd.nix + #../../../profiles/sshd #../../../profiles/no-suspend.nix ../../../users/pbsds diff --git a/hosts/nixos/nord/configuration.nix b/hosts/nixos/nord/configuration.nix index 67345a0..f3e234c 100644 --- a/hosts/nixos/nord/configuration.nix +++ b/hosts/nixos/nord/configuration.nix @@ -15,7 +15,7 @@ imports = [ ./hardware-configuration.nix - ../../../profiles/sshd.nix + ../../../profiles/sshd #../../../profiles/oci/podman.nix #../../../profiles/oci/docker.nix diff --git a/hosts/nixos/noximilien/configuration.nix b/hosts/nixos/noximilien/configuration.nix index 0a209c5..584ccf4 100644 --- a/hosts/nixos/noximilien/configuration.nix +++ b/hosts/nixos/noximilien/configuration.nix @@ -6,7 +6,7 @@ boot.loader.grub.useOSProber = true; imports = [ ./hardware-configuration.nix - ../../../profiles/sshd.nix + ../../../profiles/sshd #../../../profiles/oci/podman.nix #./yt-dlp-archive.nix diff --git a/hosts/nixos/sopp/configuration.nix b/hosts/nixos/sopp/configuration.nix index e7003fd..82b34c8 100644 --- a/hosts/nixos/sopp/configuration.nix +++ b/hosts/nixos/sopp/configuration.nix 
@@ -38,7 +38,7 @@ imports = [ ./hardware-configuration.nix - ../../../profiles/sshd.nix + ../../../profiles/sshd ../../../profiles/no-suspend.nix #../../../profiles/oci/podman.nix ../../../profiles/oci/docker.nix diff --git a/profiles/sshd.nix b/profiles/sshd/default.nix similarity index 100% rename from profiles/sshd.nix rename to profiles/sshd/default.nix diff --git a/profiles/sshd/ts-only.nix b/profiles/sshd/ts-only.nix new file mode 100644 index 0000000..2efc996 --- /dev/null +++ b/profiles/sshd/ts-only.nix @@ -0,0 +1,6 @@ +{ config, ... }: +{ + imports = [ ./default.nix ]; + services.openssh.openFirewall = false; + networking.firewall.interfaces.tailscale0.allowedTCPPorts = config.services.openssh.ports; +}
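Review bot: In the new `profiles/sshd/ts-only.nix`, `services.openssh.openFirewall = false` limits SSH through firewall rules only, so the restriction silently disappears on any host where `networking.firewall.enable` is false; sshd presumably still listens on every address, though `default.nix` is not shown here. An assertion would make that dependency explicit: `assertions = [ { assertion = config.networking.firewall.enable; message = "profiles/sshd/ts-only.nix needs the NixOS firewall enabled"; } ];`. The interface name is also hard-coded, whereas `networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts` would follow the Tailscale module's setting. A header comment such as `# sshd reachable only over the Tailscale interface` would record the intent in the file itself.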