clouvider-lon01: only listen on specified IPs

This commit is contained in:
Luke Granger-Brown 2020-11-07 14:20:46 +00:00
parent 4396210e5d
commit 07b76f5cf9

View file

@ -110,14 +110,28 @@ in {
map (n: { address = "92.118.29.${toString n}"; prefixLength = 32; }) (lib.range 225 253));
ipv6.addresses = [{ address = "::1"; prefixLength = 128; }];
};
firewall.allowPing = true;
firewall.allowedTCPPorts = [
80 443 # HTTP/nginx
6697 # znc
];
firewall = {
allowPing = true;
allowedTCPPorts = [
80 443 # HTTP/nginx
6697 # znc
];
};
};
my.ip.tailscale = "100.79.173.25";
services.openssh.listenAddresses = [{
addr = config.my.ip.tailscale; port = 22;
}] ++ (let
inherit (builtins) map concatMap;
in
map
(addr: { inherit addr; port = 22; })
(concatMap
(intf:
(map (addr: addr.address) (intf.ipv4.addresses)) ++
(map (addr: "[${addr.address}]") (intf.ipv6.addresses)))
(with config.networking.interfaces; [ br-ext ])));
services.openssh.hostKeys = [
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";