gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(hakurei): ssh access

Browse source
This commit is contained in:
arcnmx 2024-02-06 13:26:20 -08:00
parent eb1549975e
commit 2039fd8cb6
2 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
nixos/base/ssh.nix
View file

@ -15,7 +15,7 @@ in {
services.openssh = {
enable = mkDefault true;
ports = mkDefault [publicPort 22];
ports = [publicPort 22];
openFirewall = mkDefault false;
settings = {
PasswordAuthentication = mkDefault false;

6
systems/hakurei/reisen-ssh.nix
View file

@ -5,6 +5,7 @@
...
}: let
inherit (lib.modules) mkAfter;
sshPort = 41022;
username = "tf-proxmox";
sshJump = pkgs.writeShellScript "ssh-jump-${username}" ''
exec ssh -T \
@ -18,7 +19,9 @@ in {
hashedPasswordFile = config.sops.secrets.tf-proxmox-passwd.path;
isNormalUser = true;
};
services.openssh = {
ports = mkAfter [ sshPort ];
settings = {
KbdInteractiveAuthentication = true;
PasswordAuthentication = true;
@ -28,6 +31,9 @@ in {
ForceCommand ${sshJump}
'';
};
networking.firewall.allowedTCPPorts = [ sshPort ];
sops.secrets = {
tf-proxmox-passwd = { };
tf-proxmox-identity = {