From 5d29591002a68f6e135bcef429695f8db3600d39 Mon Sep 17 00:00:00 2001
From: arcnmx <git@git.arcn.mx>
Date: Mon, 26 Jun 2023 10:57:22 -0700
Subject: [PATCH] ssh port

---
 nixos/base/ssh.nix | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/nixos/base/ssh.nix b/nixos/base/ssh.nix
index a542fa8a..39d3721f 100644
--- a/nixos/base/ssh.nix
+++ b/nixos/base/ssh.nix
@@ -3,8 +3,9 @@
   lib,
   pkgs,
   ...
-}:
-with lib; {
+}: let
+  publicPort = 62954;
+in with lib; {
   /*
   security.pam.services.sshd.text = mkDefault (mkAfter ''
     session required pam_exec.so ${katnotify}/bin/notify
@@ -13,7 +14,8 @@ with lib; {
 
   services.openssh = {
     enable = true;
-    ports = lib.mkDefault [62954];
+    ports = lib.mkDefault [publicPort 22];
+    openFirewall = false;
     settings = {
       PasswordAuthentication = false;
       KbdInteractiveAuthentication = false;
@@ -24,6 +26,7 @@ with lib; {
       LogLevel = "VERBOSE";
     };
   };
+  networking.firewall.allowedTCPPorts = [publicPort];
 
   programs.mosh.enable = true;
 }