lightly-toasted/nix-config
1
0
Fork 0
mirror of https://github.com/lightly-toasted/nix-config.git synced 2025-12-10 03:49:44 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(vps): enable Tailscale SSH

Browse source 
- Remove port 22 from firewall
- Add --ssh to tailscale up flags
This commit is contained in:
toast 2025-11-18 16:12:17 +09:00
parent 2c642a7e32
commit 89d86413dd
3 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hosts/vps/modules/network.nix
View file

@ -5,7 +5,7 @@
networking.domain = ""; networking.domain = "";
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [ 22 80 443 ]; allowedTCPPorts = [ 80 443 ];
}; };
boot.kernel.sysctl."net.ipv4.ip_forward" = 1; boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
} }

1
hosts/vps/modules/services/openssh.nix
View file

@ -1,6 +1,7 @@
{ {
services.openssh = { services.openssh = {
enable = true; enable = true;
openFirewall = false;
settings = { settings = {
PasswordAuthentication = false; PasswordAuthentication = false;
PermitRootLogin = "prohibit-password"; PermitRootLogin = "prohibit-password";

1
hosts/vps/modules/services/tailscale.nix
View file

@ -8,5 +8,6 @@
authKeyFile = config.sops.secrets."tailscale/authkey".path; authKeyFile = config.sops.secrets."tailscale/authkey".path;
useRoutingFeatures = "both"; useRoutingFeatures = "both";
permitCertUid = "caddy"; permitCertUid = "caddy";
extraUpFlags = [ "--ssh" ];
}; };
} }