[yevaud] Allow remote root login only from home network

This is hacky and I will come up with a better way of doing remote deployment later
2024-06-05 12:03:57 +01:00 · 2024-06-05 12:03:57 +01:00 · c51b3f5a1a
commit c51b3f5a1a
parent 85b08086fb
1 changed files with 5 additions and 0 deletions
--- a/hosts/yevaud/configuration.nix
+++ b/hosts/yevaud/configuration.nix
@ -30,6 +30,11 @@
    };
  };

+  # Allow remote root login only from home network
+  # TODO: Find a less hacky way of doing remote deployment
+  users.users.root.openssh.authorizedKeys.keys = config.users.users.bluebird.openssh.authorizedKeys.keys;
+  services.openssh.extraConfig = "Match Address 45.14.17.200\n    PermitRootLogin prohibit-password";
+
  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
  # networking.firewall.allowedUDPPorts = [ ... ];