From a59aebb4834262c549a4260d0164ae1c9f895384 Mon Sep 17 00:00:00 2001
From: Fuwn
Date: Tue, 3 Sep 2024 18:02:42 -0700
Subject: tailscale

---
 modules/networking/firewall.nix | 8 +-------
 modules/programs/mosh.nix | 2 +-
 modules/services/default.nix | 1 +
 modules/services/openssh.nix | 7 ++-----
 4 files changed, 5 insertions(+), 13 deletions(-)

diff --git a/modules/networking/firewall.nix b/modules/networking/firewall.nix
index 8077042..d389bff 100644
--- a/modules/networking/firewall.nix
+++ b/modules/networking/firewall.nix
@@ -3,17 +3,11 @@
 enable = true;
 allowedUDPPorts = [ 53 ];
 allowPing = false;
+ trustedInterfaces = [ "tailscale0" ];
 allowedTCPPorts = [ 80 443 ];
-
- allowedUDPPortRanges = [
- {
- from = 60000;
- to = 61000;
- }
- ];
 };
 }
diff --git a/modules/programs/mosh.nix b/modules/programs/mosh.nix
index 09b0937..c9af5bf 100644
--- a/modules/programs/mosh.nix
+++ b/modules/programs/mosh.nix
@@ -1,6 +1,6 @@
 {
 programs.mosh = {
 enable = true;
- openFirewall = true;
+ openFirewall = false;
 };
 }
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 7c881c1..adc5d0b 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -26,5 +26,6 @@
 chrony.enable = false;
 timesyncd.enable = true;
 irqbalance.enable = true;
+ tailscale.enable = true;
 };
 }
diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix
index b16ca8a..8bab2a4 100644
--- a/modules/services/openssh.nix
+++ b/modules/services/openssh.nix
@@ -1,13 +1,10 @@
 {
 services.openssh = {
 enable = true;
- ports = [ 2222 ];
- openFirewall = true;
+ ports = [ 22 ];
+ openFirewall = false;
 settings = {
- PermitRootLogin = "no";
- MaxAuthTries = 3;
- KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org"
-- cgit v1.2.3
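Review bot: The added `trustedInterfaces = [ "tailscale0" ];` in firewall.nix switches off all port filtering for packets arriving on that interface, so every listener on the host — not only SSH and mosh, whose `openFirewall` this commit turns off — becomes reachable from any device in the tailnet, and the effective exposure is now decided by the Tailscale ACL policy rather than by this file. If the intent is only to move SSH and mosh behind the tailnet, a default-deny posture on the interface is kept with `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];` and `networking.firewall.interfaces.tailscale0.allowedUDPPortRanges = [ { from = 60000; to = 61000; } ];` instead of trusting the whole interface. Whichever is chosen, the cross-file dependency deserves a comment next to the new line, e.g. `# SSH (22) and mosh (UDP 60000-61000) are no longer opened publicly; they are reached over tailscale0 only`. Separately, `allowedUDPPorts = [ 53 ];` remains open on every interface in the context lines; if this host is not meant to serve DNS to the internet, it should move under the same interface-scoped block.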
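Review bot: `tailscale.enable = true;` in default.nix is added without `tailscale.openFirewall`, and the firewall.nix hunk opens no UDP port for tailscaled, so inbound direct connections to this node will depend on NAT traversal succeeding or fall back to DERP relays; if direct peer connectivity matters, `services.tailscale.openFirewall = true;` (UDP 41641 by default, governed by `services.tailscale.port`, assuming a nixpkgs recent enough to have the option) makes that explicit. This is an availability and latency point rather than a confidentiality one, since relayed traffic is still end-to-end encrypted by WireGuard. The enclosing `services = { … }` attribute set starts before the hunk.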