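# NixOS module: keep SSH (TCP port 22) reachable only over tinc interfaces.
#
# When `desktop.ssh.onlyTinc` is true (the default), a nat/PREROUTING rule
# redirects TCP traffic for destination port 22 that arrives on any interface
# NOT matching `tinc.+` to port 0, so it is not delivered to port 22.
#
# NOTE(review): the rule is installed with `iptables` only, i.e. it covers
# IPv4. If the host is reachable over IPv6, confirm that port 22 is
# restricted there as well.
# NOTE(review): the match is on destination port 22; an sshd listening on
# another port is not covered by this rule.
{ config, lib, ... }:

let
  inherit (lib) mkIf mkOption types;

  cfg = config.desktop.ssh.onlyTinc;

  # Rule specification shared by the delete and append calls below, so the
  # two can never drift apart.
  sshRedirectRule =
    "PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp "
    + "--dport 22 --jump REDIRECT --to-ports 0";
in
{
  options.desktop.ssh.onlyTinc = mkOption {
    type = types.bool;
    default = true;
    description = ''
      make sure ssh is only available trough the tinc
    '';
  };

  config = mkIf cfg {
    networking.firewall.extraCommands = ''
      # Remove an existing copy first: these commands run again whenever the
      # firewall script is re-run, and a plain --append would stack another
      # identical rule in nat/PREROUTING each time. The delete fails when no
      # such rule exists yet, which is expected and ignored.
      iptables --table nat --delete ${sshRedirectRule} 2>/dev/null || true
      iptables --table nat --append ${sshRedirectRule}
    '';
  };
}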