44 lines
878 B
Nix
44 lines
878 B
Nix
{ config, pkgs, ... }:
|
|
{
|
|
services.openssh = {
|
|
enable = true;
|
|
ports = [ 400 ];
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
AllowUsers = [ "menno" ];
|
|
X11Forwarding = false;
|
|
PermitRootLogin = "prohibit-password";
|
|
AllowTCPForwarding = true;
|
|
AllowAgentForwarding = true;
|
|
PermitEmptyPasswords = false;
|
|
PubkeyAuthentication = true;
|
|
};
|
|
};
|
|
|
|
networking = {
|
|
firewall = {
|
|
enable = true;
|
|
|
|
# External ports
|
|
allowedTCPPorts = [
|
|
## Portforwarded
|
|
80 # HTTP
|
|
443 # HTTPS
|
|
22 # Git over SSH
|
|
25565 # Minecraft
|
|
24454 # Minecraft (Voice Chat)
|
|
32400 # Plex
|
|
51820 # WireGuard
|
|
|
|
## Internal services / TailScale
|
|
400 # SSH
|
|
];
|
|
|
|
allowedUDPPorts = [
|
|
51820 # WireGuard
|
|
25565 # Minecraft
|
|
];
|
|
};
|
|
};
|
|
}
|