author | lassulus <lass@lassul.us> | 2017-04-16 23:33:54 +0200 |
---|---|---|
committer | lassulus <lass@lassul.us> | 2017-04-18 21:14:53 +0200 |
commit | 6a53a331d11fcf1ff1d36645c3bd42c4c9d0c51c (patch) | |
tree | 698c91761ebd752cd08a498c60e11374108a39e7 /lass/1systems | |
parent | 865aa9c1d0198fbd57342c7593396bf4f007e71f (diff) |
l 1 iso: make sshd work
Diffstat (limited to 'lass/1systems')
-rw-r--r-- | lass/1systems/iso.nix | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix
index bee1c148f..01d698c4c 100644
--- a/lass/1systems/iso.nix
+++ b/lass/1systems/iso.nix
@@ -15,7 +15,6 @@ with import <stockholm/lib>;
 krebs.enable = true;
 krebs.build.user = config.krebs.users.lass;
 krebs.build.host = config.krebs.hosts.iso;
- krebs.build.source.nixos-config.symlink = "stockholm/lass/1systems/${config.krebs.buil.host.name}.nix";
 }
 {
 nixpkgs.config.allowUnfree = true;
@@ -122,18 +121,12 @@ with import <stockholm/lib>;
 { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
 ];
 };
+ systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
 }
 {
 krebs.iptables = {
 enable = true;
 tables = {
- nat.PREROUTING.rules = [
- { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
- { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
- ];
- nat.OUTPUT.rules = [
- { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
- ];
 filter.INPUT.policy = "DROP";
 filter.FORWARD.policy = "DROP";
 filter.INPUT.rules = [ |
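Review bot: With the `nat.PREROUTING` rule that redirected port 22 to port 0 on every interface except `retiolum` removed, and sshd now forced into `multi-user.target`, exposure of sshd on the live image rests entirely on the `filter.INPUT.rules` list, which begins on the last line of the second hunk and continues outside it. Please confirm that list accepts `--dport 22` only on the interfaces you intend (the old predicate was `-i retiolum`), since the default `DROP` policy is the only restriction visible here. The `mkForce` line also deserves a comment saying why it is needed, e.g. `# force sshd to start at boot on the ISO; port 22 access is limited by filter.INPUT below` — presumably it overrides an installer default, but the hunk does not show that.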