Commit `534c8abcdfc5`

Vincent Demeester <vincent@sbr.pm>

2025-06-14 00:32:52

systems/kerkouane: hardened, specific openssh configuration

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

main

1 parent f42c7b6

Changed files (1)

systems

kerkouane

extra.nix

@@ -11,6 +11,17 @@
     # ../common/services/govanityurl.nix
   ];
 
+  services.openssh = {
+    listenAddresses = [
+      {
+        addr = builtins.head globals.machines.kerkouane.net.vpn.ips;
+        port = 22;
+      }
+    ];
+    openFirewall = false;
+    passwordAuthentication = false;
+    permitRootLogin = "without-password";
+  };
   services.wireguard.server = {
     enable = true;
     inherit (globals.machines.kerkouane.net.vpn) ips;

Commit 534c8abcdfc5

Commit `534c8abcdfc5`