From 8a82f2e17bcc677217b8aa0f5430a078994d40d3 Mon Sep 17 00:00:00 2001 From: Patryk Niedźwiedziński Date: Tue, 4 May 2021 14:43:49 +0200 Subject: Add whitelist --- machines/srv1/configuration.nix | 8 +++++++- machines/x220/configuration.nix | 1 + 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'machines') diff --git a/machines/srv1/configuration.nix b/machines/srv1/configuration.nix index 79c1218..13f7f49 100644 --- a/machines/srv1/configuration.nix +++ b/machines/srv1/configuration.nix @@ -99,7 +99,13 @@ in services.openssh.enable = true; services.openssh.passwordAuthentication = false; - services.sshguard.enable = true; + services.sshguard = { + enable = true; + whitelist = [ + "192.168.0.0/18" + "201:da2c:2873:5ee3:cc87:79ce:5a12:fff9" + ]; + }; services.nginx.enable = true; services.nginx.package = (pkgs.nginx.override { modules = [ ModSecurity-nginx ]; }); diff --git a/machines/x220/configuration.nix b/machines/x220/configuration.nix index cff9a64..6bb4e44 100644 --- a/machines/x220/configuration.nix +++ b/machines/x220/configuration.nix @@ -16,6 +16,7 @@ in services.yggdrasil = { enable = true; + persistentKeys = true; config = { Peers = [ "tcp://51.75.44.73:50001" -- cgit 1.4.1