system/network.nix
{ ... }:
{
networking.networkmanager.enable = true;
networking.firewall = {
enable = true;
allowedTCPPorts = [
22
];
allowedTCPPortRanges = [
{
from = 80;
to = 8000;
}
];
allowedUDPPortRanges = [
{
from = 80;
to = 8000;
}
];
};
services.openssh = {
enable = true;
ports = [ 22 ];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PubkeyAuthentication = true;
AllowUsers = [ "enzolevan" ];
UseDns = false;
X11Forwarding = false;
PermitRootLogin = "no";
};
};
}