devins.page
configurations for my servers and desktops
nix
nixos
flake
dots
dotfiles
feat: restrict openssh connections only needed on bluepill
+6
+6
hosts/bluepill/default.nix
+6
hosts/bluepill/default.nix
···
19
19
networking.hostName = "bluepill";
20
20
networking.useNetworkd = true;
21
21
22
+
services.openssh.extraConfig = ''
23
+
# for all users other than git, only allow from lan and Tailscale
24
+
Match User *,!git Address !192.168.4.0/22,!100.64.0.0/10,!127.0.0.1
25
+
DenyUsers *
26
+
'';
27
+
22
28
system.autoUpgrade = {
23
29
enable = true;
24
30
flake = "github:intergrav/flake";