qenya/nixfiles
1
0
Fork 0
Code Issues 4 Pull requests Activity Actions

[yevaud] Allow remote root login only from home network

Browse source 
This is hacky and I will come up with a better way of doing remote deployment later
This commit is contained in:
Katherina Walshe-Grey 2024-06-05 12:03:57 +01:00
parent 85b08086fb
commit c51b3f5a1a
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
hosts/yevaud/configuration.nix
View file

@ -30,6 +30,11 @@
}; };
}; };
# Allow remote root login only from home network
# TODO: Find a less hacky way of doing remote deployment
users.users.root.openssh.authorizedKeys.keys = config.users.users.bluebird.openssh.authorizedKeys.keys;
services.openssh.extraConfig = "Match Address 45.14.17.200\n PermitRootLogin prohibit-password";
networking.firewall.allowedTCPPorts = [ 22 80 443 ]; networking.firewall.allowedTCPPorts = [ 22 80 443 ];
# networking.firewall.allowedUDPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];