From 8930b867a5bc863cf1362d3d27579e784a4bbe97 Mon Sep 17 00:00:00 2001
From: Mel <einebeere@gmail.com>
Date: Fri, 6 Dec 2024 22:16:07 +0100
Subject: Only listen on port 22 through tailnet

Signed-off-by: Mel <einebeere@gmail.com>
---
 modules/common.nix | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'modules/common.nix')

diff --git a/modules/common.nix b/modules/common.nix
index 4a66a70..ad47ca5 100644
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -48,6 +48,8 @@
   services = {
     openssh = {
       enable = true;
+      openFirewall = false;
+      listenAddresses = [{ addr = me.tailscale.ip; port = 22; }];
       settings = {
         PasswordAuthentication = false;
         KbdInteractiveAuthentication = false;
-- 
cgit 1.4.1