stupidcomputer/dot_testing
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

make copernicus accessable via netbox wg connection

Browse Source
This commit is contained in:
stupidcomputer 2024-12-31 11:04:50 -06:00
parent 1bf806d4a9
commit b5e636b4d7
3 changed files with 26 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
boxes/copernicus/services/sshd.nix
View File

@ -7,6 +7,20 @@
PermitRootLogin = "no"; PermitRootLogin = "no";
PasswordAuthentication = false; PasswordAuthentication = false;
}; };
listenAddresses = [
{
addr = "192.168.1.201";
port = 2222;
}
{
addr = "10.100.0.2";
port = 2222;
}
];
};
networking.firewall.interfaces.eno1 = {
allowedTCPPorts = [ 2222 ];
}; };
users.users.usr.openssh.authorizedKeys.keys = [ users.users.usr.openssh.authorizedKeys.keys = [

4
boxes/netbox/ssh.nix
View File

@ -1,4 +1,4 @@
{ lib, config, pkgs, machines, ... }: { pkgs, machines, ... }:
{ {
services.openssh = { services.openssh = {
@ -6,6 +6,7 @@
ports = [55555]; ports = [55555];
settings = { settings = {
X11Forwarding = false; X11Forwarding = false;
AllowTcpForwarding = true;
PermitRootLogin = "no"; PermitRootLogin = "no";
PasswordAuthentication = false; PasswordAuthentication = false;
}; };
@ -34,7 +35,6 @@
login_ip="''${SSH_CLIENT%% *}" login_ip="''${SSH_CLIENT%% *}"
is_in_ignored=$(grep "$login_ip" /etc/ssh/ignored_ips -c) is_in_ignored=$(grep "$login_ip" /etc/ssh/ignored_ips -c)
if [ "$is_in_ignored" -gt 0 ]; then if [ "$is_in_ignored" -gt 0 ]; then
echo "Your login has been ignored based on your IP address."
exit exit
fi fi
time=$(date "+%T%:z") time=$(date "+%T%:z")

10
lappy-config/ssh/config
View File

@ -2,3 +2,13 @@ Host netbox
HostName beepboop.systems HostName beepboop.systems
User ryan User ryan
Port 443 Port 443
Host copernicus-proxy
HostName 10.100.0.2
User usr
Port 2222
ProxyJump netbox
Host copernicus
User usr
Port 2222