l 1 iso: make sshd work

author: lassulus <lass@lassul.us> 2017-04-16 23:33:54 +0200
committer: lassulus <lass@lassul.us> 2017-04-16 23:33:54 +0200
commit: faa8318d13a4b8932e9fd15ebae116d380ede497 (patch)
tree: 3f1d77f1019e293c5b4cecef4827b7e50191a8cb
parent: 7ea694323bf791e6a2dae4897fefa0f09bc2a654 (diff)
1 files changed, 1 insertions, 8 deletions
diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix
index bee1c148f..01d698c4c 100644
--- a/lass/1systems/iso.nix
+++ b/lass/1systems/iso.nix
@@ -15,7 +15,6 @@ with import <stockholm/lib>;
       krebs.enable = true;
       krebs.build.user = config.krebs.users.lass;
       krebs.build.host = config.krebs.hosts.iso;
-      krebs.build.source.nixos-config.symlink = "stockholm/lass/1systems/${config.krebs.buil.host.name}.nix";
     }
     {
       nixpkgs.config.allowUnfree = true;
@@ -122,18 +121,12 @@ with import <stockholm/lib>;
           { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
         ];
       };
+      systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ];
     }
     {
       krebs.iptables = {
         enable = true;
         tables = {
-          nat.PREROUTING.rules = [
-            { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
-            { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
-          ];
-          nat.OUTPUT.rules = [
-            { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
-          ];
           filter.INPUT.policy = "DROP";
           filter.FORWARD.policy = "DROP";
           filter.INPUT.rules = [
author	lassulus <lass@lassul.us>	2017-04-16 23:33:54 +0200
committer	lassulus <lass@lassul.us>	2017-04-16 23:33:54 +0200
commit	faa8318d13a4b8932e9fd15ebae116d380ede497 (patch)
tree	3f1d77f1019e293c5b4cecef4827b7e50191a8cb
parent	7ea694323bf791e6a2dae4897fefa0f09bc2a654 (diff)