Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-11-21 23:40:33 -05:00
Code Issues Projects Releases Packages Wiki Activity

expand SSH connection limit allowlist

Browse source
This commit is contained in:
Daniel Micay 2025-08-29 10:28:44 -04:00
parent f3ae87143f
commit 3d0e2ffb23
11 changed files with 74 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

7
deploy-initial
View file

@ -4,6 +4,7 @@ set -o errexit -o nounset -o pipefail
shopt -s expand_aliases
. hosts.sh
. ssh.sh
[[ $# -eq 1 ]] || exit 1
@ -59,8 +60,10 @@ sed -i "s/{{ssh_users}}/${hosts_ssh_users[$host]:-root}/g" tmp
rsync tmp $remote:/mnt/etc/ssh/sshd_config
rm tmp
synproxy_threshold=$(( ${hosts_conntrack_size[$host]} / 64 ))
sed "s/{{synproxy_threshold}}/$synproxy_threshold/g" etc/nftables/nftables-${hosts_firewall[$host]:-web}.conf >tmp
cp etc/nftables/nftables-${hosts_firewall[$host]:-web}.conf tmp
sed -i "s/{{synproxy_threshold}}/$(( ${hosts_conntrack_size[$host]} / 64 ))/g" tmp
sed -i "s/{{ssh_ipv4}}/$ssh_ipv4/g" tmp
sed -i "s/{{ssh_ipv6}}/$ssh_ipv6/g" tmp
rsync tmp $remote:/mnt/etc/nftables.conf
rm tmp