ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

add endlessh-go autometic setup (#32)

Browse Source
This commit is contained in:
Dennis 2024-01-09 16:21:22 +01:00 committed by GitHub
parent a05be0f2d3
commit d7f026b05b
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
modules/security.nix
View File

@ -2,8 +2,8 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
config = { config = {
services = lib.mkIf config.services.gitea.enable { services = {
openssh = { openssh = lib.mkIf config.services.gitea.enable {
extraConfig = '' extraConfig = ''
Match User gitea Match User gitea
AllowAgentForwarding no AllowAgentForwarding no
@ -13,14 +13,19 @@
''; '';
}; };
gitea.settings."ssh.minimum_key_sizes" = { gitea.settings."ssh.minimum_key_sizes" = lib.mkIf config.services.gitea.enable {
ECDSA = -1; ECDSA = -1;
RSA = 4095; RSA = 4095;
}; };
endlessh-go = lib.mkIf (!builtins.elem 22 config.services.openssh.ports) {
enable = true;
port = 22;
};
}; };
networking.firewall = lib.mkIf config.services.openssh.enable { networking.firewall = lib.mkIf config.services.openssh.enable {
allowedTCPPorts = config.services.openssh.ports; allowedTCPPorts = config.services.openssh.ports ++ [ 22 ];
}; };
}; };
} }