gortium/infra
1
1
Fork 0
Code Issues 13 Pull Requests 21 Actions Packages Projects 1 Releases Wiki Activity

security: harden lazyworkhorse with firewall, fail2ban, SSH hardening #28

Merged
gortium merged 11 commits from feature/server-hardening-clean into master 2026-05-03 09:11:58 +00:00
Conversation 1 Commits 11 Files Changed 5 +323 -2
4 changed files with 323 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 9b1f467db9 - Show all commits

2
hosts/lazyworkhorse/configuration.nix
View File

@@ -314,9 +314,9 @@
# Firewall - default deny, explicit allow # Firewall - default deny, explicit allow
networking.firewall = { networking.firewall = {
# Enable firewall with default deny policy (NixOS firewall denies all by default)
enable = true; enable = true;
allowPing = true; allowPing = true;
defaultAllow = false;
# Only essential ports exposed to internet # Only essential ports exposed to internet
allowedTCPPorts = [ allowedTCPPorts = [