Personal-use NixOS configuration

Begin work on SSH for Tangled Knot

+16 -3
+5 -1
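--- a/hosts/index/config/atmosphere/tangled-knot.nix
+++ b/hosts/index/config/atmosphere/tangled-knot.nix
@@ -1,4 +1,4 @@
-{ flakeRoot, ... }:
+{ config, flakeRoot, ... }:
 
 let
 host = "knot.encrypted.group";
@@ -29,5 +29,9 @@
 
 owner = "did:plc:2uoarm26m6b24zqbq7h2kpqs";
 };
+
+openFirewall = true;
 };
+
+services.openssh.settings.AllowUsers = [ config.services.tangled.knot.gitUser ];
 }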
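Review bot: The new `AllowUsers` line (new line 36) is the only visible gate on SSH logins once `openFirewall = true` exposes this host, and nothing in this section shows which authentication methods sshd accepts for the git user. It is worth confirming that `services.openssh.settings.PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` are set somewhere outside this page, so the account is reachable by key only. Which ports `openFirewall` opens is decided in the knot module and cannot be read from this hunk. Because the restriction is partly undone for LAN clients in another file, a comment above the line such as `# Internet-facing SSH is limited to the knot's git user; LAN logins are re-enabled in ../ssh.nix` would keep the two halves of the policy connected.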
+8
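--- a/hosts/index/config/ssh.nix
+++ b/hosts/index/config/ssh.nix
@@ -0,0 +1,8 @@
+{
+services.openssh = {
+extraConfig = ''
+Match Address 192.168.1.0/24
+AllowUsers *
+'';
+};
+}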
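Review bot: `AllowUsers *` inside the `Match Address 192.168.1.0/24` block lifts the user restriction for every account on the host, and sshd matches on the source address it sees, so a connection relayed through a LAN-side proxy or a source-NAT port forward would be treated as local. Listing the intended accounts instead, e.g. `AllowUsers <admin-user>` (placeholder name), keeps the LAN exception narrow. The block only has an effect together with the global `AllowUsers` set in `atmosphere/tangled-knot.nix`, so a comment such as `# Overrides the git-user-only AllowUsers from atmosphere/tangled-knot.nix for LAN clients` would document the dependency. A `Match` block runs to the next `Match` or the end of the file, so this relies on `extraConfig` being emitted last in the generated sshd_config; that is presumably the case but worth confirming.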
+2 -1
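--- a/hosts/index/default.nix
+++ b/hosts/index/default.nix
@@ -23,8 +23,9 @@
 (flakeRoot + /packages/server/iperf.nix)
 
 ./config/netdata-agent.nix
+./config/nfs.nix
+./config/ssh.nix
 ./config/zfs.nix
-./config/nfs.nix
 
 ./config/atmosphere/bluesky-pds.nix
 ./config/atmosphere/tangled-knot.nix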
+1 -1
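--- a/packages/server/atmosphere/tangled-knot.nix
+++ b/packages/server/atmosphere/tangled-knot.nix
@@ -20,7 +20,7 @@
 listenAddr = "0.0.0.0:${toString port}";
 };
 
-openFirewall = false;
+openFirewall = lib.mkDefault false;
 };
 
 services.caddy.virtualHosts = flakeLib.mkProxies hosts ''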