too much to mention

2024-11-02 18:48:19 +01:00
parent 1dfce7fd9b
commit 11fd6bc478
17 changed files with 222 additions and 102 deletions
--- a/config/nixos/common/server.nix
+++ b/config/nixos/common/server.nix
@ -1,4 +1,28 @@
 { config, pkgs, ... }:
 {
+  # OpenSSH server
+  services.openssh = {
+    enable = true;
+    ports = [ 400 ];
+    settings = {
+      PasswordAuthentication = false;
+      AllowUsers = [ "menno" ];
+      X11Forwarding = false;
+      PermitRootLogin = "prohibit-password";
+      AllowTCPForwarding = true;
+      AllowAgentForwarding = true;
+      PermitEmptyPasswords = false;
+      PubkeyAuthentication = true;
+    };
+  };

+  # Open ports in the firewall
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [
+      # SSH
+      400
+    ];
+    allowedUDPPorts = [ ];
+  };
 }
--- a/config/nixos/common/workstation.nix
+++ b/config/nixos/common/workstation.nix
@ -24,4 +24,40 @@
    alsa.support32Bit = true;
    pulse.enable = true;
  };
+
+  # Open ports in the firewall
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [
+      # RDP (Gnome Remote Desktop)
+      3389
+      3390
+      3391
+
+      # SSH
+      400
+    ];
+    allowedUDPPorts = [
+      # RDP (Gnome Remote Desktop)
+      3389
+      3390
+      3391
+    ];
+  };
+
+  # OpenSSH server
+  services.openssh = {
+    enable = true;
+    ports = [ 400 ];
+    settings = {
+      PasswordAuthentication = false;
+      AllowUsers = [ "menno" ];
+      X11Forwarding = true;
+      PermitRootLogin = "prohibit-password";
+      AllowTCPForwarding = true;
+      AllowAgentForwarding = true;
+      PermitEmptyPasswords = false;
+      PubkeyAuthentication = true;
+    };
+  };
 }