ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

add endlessh-go autometic setup (#32)

Browse Source
This commit is contained in:
Dennis 2024-01-09 16:21:22 +01:00 committed by GitHub
parent a05be0f2d3
commit d7f026b05b
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
modules/security.nix
View File

@ -2,8 +2,8 @@
{ config, lib, ... }:
{
config = {
services = lib.mkIf config.services.gitea.enable {
openssh = {
services = {
openssh = lib.mkIf config.services.gitea.enable {
extraConfig = ''
Match User gitea
AllowAgentForwarding no
@ -13,14 +13,19 @@
'';
};
gitea.settings."ssh.minimum_key_sizes" = {
gitea.settings."ssh.minimum_key_sizes" = lib.mkIf config.services.gitea.enable {
ECDSA = -1;
RSA = 4095;
};
endlessh-go = lib.mkIf (!builtins.elem 22 config.services.openssh.ports) {
enable = true;
port = 22;
};
};
networking.firewall = lib.mkIf config.services.openssh.enable {
allowedTCPPorts = config.services.openssh.ports;
allowedTCPPorts = config.services.openssh.ports ++ [ 22 ];
};
};
}