clouvider-lon01: only listen on specified IPs
parent
4396210e5d
commit
07b76f5cf9
1 changed files with 19 additions and 5 deletions
|
@ -110,14 +110,28 @@ in {
|
|||
map (n: { address = "92.118.29.${toString n}"; prefixLength = 32; }) (lib.range 225 253));
|
||||
ipv6.addresses = [{ address = "::1"; prefixLength = 128; }];
|
||||
};
|
||||
firewall.allowPing = true;
|
||||
firewall.allowedTCPPorts = [
|
||||
firewall = {
|
||||
allowPing = true;
|
||||
allowedTCPPorts = [
|
||||
80 443 # HTTP/nginx
|
||||
6697 # znc
|
||||
];
|
||||
};
|
||||
};
|
||||
my.ip.tailscale = "100.79.173.25";
|
||||
|
||||
services.openssh.listenAddresses = [{
|
||||
addr = config.my.ip.tailscale; port = 22;
|
||||
}] ++ (let
|
||||
inherit (builtins) map concatMap;
|
||||
in
|
||||
map
|
||||
(addr: { inherit addr; port = 22; })
|
||||
(concatMap
|
||||
(intf:
|
||||
(map (addr: addr.address) (intf.ipv4.addresses)) ++
|
||||
(map (addr: "[${addr.address}]") (intf.ipv6.addresses)))
|
||||
(with config.networking.interfaces; [ br-ext ])));
|
||||
services.openssh.hostKeys = [
|
||||
{
|
||||
path = "/persist/etc/ssh/ssh_host_ed25519_key";
|
||||
|
|
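Review bot: The list passed to `services.openssh.listenAddresses` is derived from every address configured on `br-ext`, so sshd will bind to whatever is assigned to that bridge now or later rather than to a fixed management address. The interface block starts above the hunk, so it is not visible whether the `92.118.29.225`–`253` range and the `::1` entry belong to `br-ext`; if they do, SSH is offered on each of them. If only one public address is meant to carry SSH, name it explicitly, e.g. `{ addr = "<management-ip>"; port = 22; }`, and keep the Tailscale entry. Separately, sshd binds its listen addresses once at startup, so it is worth confirming that the Tailscale address is already up when sshd starts, or that listener may be missing after a reboot.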