stupidcomputer
/
dot_testing
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

lock the stuff down

This commit is contained in:
stupidcomputer 2024-01-21 12:40:51 -06:00
parent 1e56e048a0
commit a852816503
2 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
boxes/netbox/default.nix
View File

@ -144,6 +144,23 @@ in {
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/vda"; boot.loader.grub.device = "/dev/vda";
services.sslh = {
enable = true;
settings.protocols = [
{
host = "localhost";
name = "ssh";
port = "55555";
service = "ssh";
}
{
host = "localhost";
name = "tls";
port = "442";
}
];
};
# cgit # cgit
users = { users = {
groups.git = { }; groups.git = { };
@ -279,6 +296,7 @@ in {
services.nginx.enable = true; services.nginx.enable = true;
services.nginx.clientMaxBodySize = "100m"; services.nginx.clientMaxBodySize = "100m";
services.nginx.defaultSSLListenPort = 442;
services.nginx.virtualHosts."beepboop.systems" = { services.nginx.virtualHosts."beepboop.systems" = {
forceSSL = true; forceSSL = true;
@ -442,6 +460,6 @@ in {
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [ 5232 55555 22 80 443 ]; allowedTCPPorts = [ 80 443 ];
}; };
} }

4
flake.lock
View File

@ -210,11 +210,11 @@
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-iemuV19UU8TriqixcvwdRUTa8lIrxc3Krwt4bHpUUWE=", "narHash": "sha256-iemuV19UU8TriqixcvwdRUTa8lIrxc3Krwt4bHpUUWE=",
"path": "/nix/store/gs6dzhqc1qncslkmwckp3q56y6i14w8s-source/builds", "path": "/nix/store/26f187i54ky8clnmd0rbjvv8h3khgc5d-source/builds",
"type": "path" "type": "path"
}, },
"original": { "original": {
"path": "/nix/store/gs6dzhqc1qncslkmwckp3q56y6i14w8s-source/builds", "path": "/nix/store/26f187i54ky8clnmd0rbjvv8h3khgc5d-source/builds",
"type": "path" "type": "path"
} }
}, },