22 lines
509 B
Nix
22 lines
509 B
Nix
{...}: {
|
|
services.openssh = {
|
|
enable = true;
|
|
ports = [22];
|
|
settings = {
|
|
UseDns = true;
|
|
PermitRootLogin = "no";
|
|
PasswordAuthentication = false;
|
|
GatewayPorts = "yes";
|
|
LogLevel = "VERBOSE";
|
|
};
|
|
};
|
|
services.traefik.dynamicConfigOptions.tcp = {
|
|
routers.ssh = {
|
|
rule = "ClientIP(`192.168.0.0/16`)";
|
|
entryPoints = ["ssh"];
|
|
service = "ssh-redirect";
|
|
};
|
|
services.ssh-redirect.loadBalancer.servers = [{address = "localhost:22";}];
|
|
};
|
|
}
|