From c51b3f5a1a630870dd1b755c73bc90a3b7564200 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 5 Jun 2024 12:03:57 +0100 Subject: [PATCH] [yevaud] Allow remote root login only from home network This is hacky and I will come up with a better way of doing remote deployment later --- hosts/yevaud/configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index 4e3176d..89f7bd0 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -30,6 +30,11 @@ }; }; + # Allow remote root login only from home network + # TODO: Find a less hacky way of doing remote deployment + users.users.root.openssh.authorizedKeys.keys = config.users.users.bluebird.openssh.authorizedKeys.keys; + services.openssh.extraConfig = "Match Address 45.14.17.200\n PermitRootLogin prohibit-password"; + networking.firewall.allowedTCPPorts = [ 22 80 443 ]; # networking.firewall.allowedUDPPorts = [ ... ];
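Review bot: The `Match Address 45.14.17.200` block added to `services.openssh.extraConfig` only restricts root login if the global `PermitRootLogin` is `no`. NixOS defaults `services.openssh.settings.PermitRootLogin` to `prohibit-password`, so unless it is overridden in a part of the configuration outside this hunk, root key login stays open from every address and the Match block changes nothing. Because the same hunk gives root bluebird's authorized keys and port 22 is in `allowedTCPPorts`, I would add `services.openssh.settings.PermitRootLogin = "no";` next to these lines so the restriction is enforced and visible in one place. It may also be worth ending the string with `\nMatch All`, so that any `extraConfig` text another module merges after it is not silently scoped to this address.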