lock the stuff down
parent
1e56e048a0
commit
a852816503
|
@ -144,6 +144,23 @@ in {
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.device = "/dev/vda";
|
boot.loader.grub.device = "/dev/vda";
|
||||||
|
|
||||||
|
services.sslh = {
|
||||||
|
enable = true;
|
||||||
|
settings.protocols = [
|
||||||
|
{
|
||||||
|
host = "localhost";
|
||||||
|
name = "ssh";
|
||||||
|
port = "55555";
|
||||||
|
service = "ssh";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
host = "localhost";
|
||||||
|
name = "tls";
|
||||||
|
port = "442";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
# cgit
|
# cgit
|
||||||
users = {
|
users = {
|
||||||
groups.git = { };
|
groups.git = { };
|
||||||
|
@ -279,6 +296,7 @@ in {
|
||||||
|
|
||||||
services.nginx.enable = true;
|
services.nginx.enable = true;
|
||||||
services.nginx.clientMaxBodySize = "100m";
|
services.nginx.clientMaxBodySize = "100m";
|
||||||
|
services.nginx.defaultSSLListenPort = 442;
|
||||||
|
|
||||||
services.nginx.virtualHosts."beepboop.systems" = {
|
services.nginx.virtualHosts."beepboop.systems" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
@ -442,6 +460,6 @@ in {
|
||||||
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedTCPPorts = [ 5232 55555 22 80 443 ];
|
allowedTCPPorts = [ 80 443 ];
|
||||||
};
|
};
|
||||||
}
|
}
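Review bot: The new `services.sslh` block forwards both backends to `localhost` without transparent mode, so sshd and nginx will most likely see every client as 127.0.0.1, and per-source logging, rate limiting and ban tooling stop distinguishing clients. If client addresses matter on this host, consider `settings.transparent = true;` in the sslh block, or treat sslh's own connection log as the authoritative record. Dropping 22 and 55555 from `allowedTCPPorts` moves SSH behind 443 rather than removing its exposure, and the listeners on 55555 and 442 appear to be kept private by the firewall alone; the sshd and nginx listen addresses are not visible in these hunks, so it is worth checking whether they can be bound to loopback. Also confirm that the `forceSSL` redirect does not begin sending clients to `:442` now that `defaultSSLListenPort` is 442.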
|
||||||
|
|
|
@ -210,11 +210,11 @@
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1,
|
"lastModified": 1,
|
||||||
"narHash": "sha256-iemuV19UU8TriqixcvwdRUTa8lIrxc3Krwt4bHpUUWE=",
|
"narHash": "sha256-iemuV19UU8TriqixcvwdRUTa8lIrxc3Krwt4bHpUUWE=",
|
||||||
"path": "/nix/store/gs6dzhqc1qncslkmwckp3q56y6i14w8s-source/builds",
|
"path": "/nix/store/26f187i54ky8clnmd0rbjvv8h3khgc5d-source/builds",
|
||||||
"type": "path"
|
"type": "path"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"path": "/nix/store/gs6dzhqc1qncslkmwckp3q56y6i14w8s-source/builds",
|
"path": "/nix/store/26f187i54ky8clnmd0rbjvv8h3khgc5d-source/builds",
|
||||||
"type": "path"
|
"type": "path"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|