nano: allow tailscale forwarding and SSH
Alan Pearce alan@alanpearce.eu
Sun, 16 Feb 2025 20:27:07 +0100
1 files changed, 10 insertions(+), 6 deletions(-)
jump to
M system/nano.nix → system/nano.nix
@@ -71,12 +71,19 @@ lan "tailscale0" ]; filterForward = true; + extraForwardRules = '' + iifname "tailscale0" oifname "${lan}" accept + iifname "${lan}" oifname "tailscale0" accept + ''; }; nftables.enable = true; nat = { enable = true; externalInterface = wan; - internalInterfaces = [ lan ]; + internalInterfaces = [ + lan + "tailscale0" + ]; }; }; systemd.network = { @@ -188,6 +195,8 @@ MulticastDNS = true ''; }; + services.openssh.openFirewall = false; + services.dnsmasq = { enable = dnsmasqEnable; alwaysKeepRunning = true; @@ -273,7 +282,6 @@ services.tailscale = { enable = true; extraUpFlags = [ - "--accept-dns=false" "--advertise-exit-node" "--advertise-routes=10.0.0.0/16,fd12:d04f:65d:42::/56" ]; @@ -316,10 +324,6 @@ users.users.root = { openssh.authorizedKeys.keys = [ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHYUyDdw92TNXguAxcmcmZmn/7ECGdRp6ckjxU+5zCw3BCnsS5+xEvHBVnnFdJRoH2XpfMeJjE+fi67zFVhlbn4= root@secretive.marvin.local" ]; - }; - - services.sshguard = { - enable = true; }; services.caddy = {