Add whitelist

author: Patryk Niedźwiedziński <pniedzwiedzinski19@gmail.com> 2021-05-04 14:43:49 +0200
committer: Patryk Niedźwiedziński <pniedzwiedzinski19@gmail.com> 2021-05-04 14:43:49 +0200
commit: 8a82f2e17bcc677217b8aa0f5430a078994d40d3 (patch)
tree: 10ffea592a2b410701c4913c9db68af9222f43a9
parent: a92c155adb14e582a207017d5ba4953ad31c31e9 (diff)
download: dots-8a82f2e17bcc677217b8aa0f5430a078994d40d3.tar.gz
dots-8a82f2e17bcc677217b8aa0f5430a078994d40d3.zip
2 files changed, 8 insertions, 1 deletions
diff --git a/machines/srv1/configuration.nix b/machines/srv1/configuration.nix
index 79c1218..13f7f49 100644
--- a/machines/srv1/configuration.nix
+++ b/machines/srv1/configuration.nix
@@ -99,7 +99,13 @@ in
 
   services.openssh.enable = true;
   services.openssh.passwordAuthentication = false;
-  services.sshguard.enable = true;
+  services.sshguard = {
+    enable = true;
+    whitelist = [
+      "192.168.0.0/18"
+      "201:da2c:2873:5ee3:cc87:79ce:5a12:fff9"
+    ];
+  };
 
   services.nginx.enable = true;
   services.nginx.package = (pkgs.nginx.override { modules = [ ModSecurity-nginx ]; });
diff --git a/machines/x220/configuration.nix b/machines/x220/configuration.nix
index cff9a64..6bb4e44 100644
--- a/machines/x220/configuration.nix
+++ b/machines/x220/configuration.nix
@@ -16,6 +16,7 @@ in
 
     services.yggdrasil = {
       enable = true;
+      persistentKeys = true;
       config = {
         Peers = [
           "tcp://51.75.44.73:50001"
author	Patryk Niedźwiedziński <pniedzwiedzinski19@gmail.com>	2021-05-04 14:43:49 +0200
committer	Patryk Niedźwiedziński <pniedzwiedzinski19@gmail.com>	2021-05-04 14:43:49 +0200
commit	8a82f2e17bcc677217b8aa0f5430a078994d40d3 (patch)
tree	10ffea592a2b410701c4913c9db68af9222f43a9
parent	a92c155adb14e582a207017d5ba4953ad31c31e9 (diff)
download	dots-8a82f2e17bcc677217b8aa0f5430a078994d40d3.tar.gz dots-8a82f2e17bcc677217b8aa0f5430a078994d40d3.zip