From d20dd06aaff718fa138d58b4a6d849b627020a17 Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Tue, 12 Jan 2021 00:00:34 +0000 Subject: [PATCH] clouvider-lon01: disable SSH open-to-all --- ops/nixos/clouvider-lon01/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ops/nixos/clouvider-lon01/default.nix b/ops/nixos/clouvider-lon01/default.nix index 300fc16b44..3952e7cc27 100644 --- a/ops/nixos/clouvider-lon01/default.nix +++ b/ops/nixos/clouvider-lon01/default.nix @@ -131,7 +131,7 @@ in { }; my.ip.tailscale = "100.79.173.25"; - services.openssh.openFirewall = true; # TODO: make this false once I know it works + services.openssh.openFirewall = false; # allowed by networking.firewall.extraCommands services.openssh.hostKeys = [ { path = "/persist/etc/ssh/ssh_host_ed25519_key";