diff options
author | tv <tv@krebsco.de> | 2016-02-01 17:40:25 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2016-02-01 17:40:25 +0100 |
commit | bb1dbae8187601cea2ddfbdcdc9baa456bc5b4ab (patch) | |
tree | 9baf432b207294094acb4f1a71d54c5dd07bdf13 | |
parent | d6ded00d012d4fb2a2a0a824604b25dac35ee349 (diff) |
tv: open ssh port by default
-rw-r--r-- | tv/1systems/cd.nix | 4 | ||||
-rw-r--r-- | tv/1systems/nomic.nix | 1 | ||||
-rw-r--r-- | tv/1systems/wu.nix | 1 | ||||
-rw-r--r-- | tv/1systems/xu.nix | 1 | ||||
-rw-r--r-- | tv/2configs/default.nix | 5 |
5 files changed, 5 insertions, 7 deletions
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index da44f5077..6db78ca89 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -41,7 +41,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "ssh" "tinc" "smtp" "xmpp-client" @@ -58,10 +57,7 @@ with lib; "cgit.cd.krebsco.de" "cgit.cd.viljetic.de" ]; - } - { # TODO make public_html also available to cd, cd.retiolum (AKA default) - tv.iptables.input-internet-accept-new-tcp = singleton "http"; krebs.nginx.servers.public_html = { server-names = singleton "cd.viljetic.de"; locations = singleton (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index b7e77e973..f176a5f23 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -17,7 +17,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "ssh" "http" "tinc" "smtp" diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index f52bbc091..16709052b 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -129,7 +129,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "ssh" "http" "tinc" "smtp" diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 54e16868f..c6f1a393e 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -127,7 +127,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "ssh" "http" "tinc" "smtp" diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 310077021..abe9d3de8 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -163,12 +163,17 @@ with lib; } { + tv.iptables.enable = true; + } + + { services.openssh = { enable = true; hostKeys = [ { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } ]; }; + tv.iptables.input-internet-accept-new-tcp = singleton "ssh"; } { |