diff options
| author | Franck Cuny <franck@fcuny.net> | 2025-08-12 10:12:39 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-08-12 10:12:39 -0700 |
| commit | 6adb943f580162ea6348e3910926fc2fcefcfa79 (patch) | |
| tree | d802fd738ffed6eaa508acfd5d0c98b38331fab5 /profiles/server.nix | |
| parent | add a profile for boot (diff) | |
| download | infra-6adb943f580162ea6348e3910926fc2fcefcfa79.tar.gz | |
add profiles for security, firewalls, and users
Diffstat (limited to 'profiles/server.nix')
| -rw-r--r-- | profiles/server.nix | 11 |
1 files changed, 0 insertions, 11 deletions
diff --git a/profiles/server.nix b/profiles/server.nix index 82a20c7..593dd44 100644 --- a/profiles/server.nix +++ b/profiles/server.nix @@ -2,19 +2,10 @@ ... }: { - imports = [ ./default.nix ]; - networking = { - firewall = { - enable = false; - allowPing = true; - logRefusedConnections = false; - }; - }; - # Used by systemd-resolved, not directly by resolv.conf. networking.nameservers = [ "8.8.8.8#dns.google" @@ -24,6 +15,4 @@ users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi" ]; - - networking.firewall.allowedTCPPorts = [ 22 ]; } |