fix: cloudflare tunnel on tempest

requires openssh, but removing public key
This commit is contained in:
Noah Masur 2023-07-12 23:33:35 -04:00
parent d14054ab17
commit e86b2f184f
4 changed files with 5 additions and 3 deletions

View File

@ -49,6 +49,7 @@ inputs.nixpkgs.lib.nixosSystem {
services.caddy.enable = true;
services.grafana.enable = true;
services.openssh.enable = true;
services.prometheus.enable = true;
services.gitea.enable = true;
services.vaultwarden.enable = true;

View File

@ -56,6 +56,7 @@ inputs.nixpkgs.lib.nixosSystem {
services.jellyfin.enable = true;
services.nextcloud.enable = true;
services.calibre-web.enable = true;
services.openssh.enable = true;
services.prometheus.enable = true;
services.samba.enable = true;

View File

@ -92,6 +92,7 @@ inputs.nixpkgs.lib.nixosSystem {
ryujinx.enable = true;
};
services.openssh.enable = true; # Required for Cloudflare tunnel
cloudflareTunnel = {
enable = true;
id = "ac133a82-31fb-480c-942a-cdbcd4c58173";

View File

@ -13,9 +13,8 @@
};
};
config = lib.mkIf (config.publicKey != null) {
config = lib.mkIf config.services.openssh.enable {
services.openssh = {
enable = true;
ports = [ 22 ];
allowSFTP = true;
settings = {
@ -27,7 +26,7 @@
};
users.users.${config.user}.openssh.authorizedKeys.keys =
[ config.publicKey ];
lib.mkIf (config.publicKey != null) [ config.publicKey ];
# Implement a simple fail2ban service for sshd
services.sshguard.enable = true;