From 81edf99463a269e8e563d0b2f9d01f719e280a81 Mon Sep 17 00:00:00 2001
From: goeranh
Date: Wed, 25 Feb 2026 07:13:13 +0100
Subject: [PATCH] make ssh avaliable on 2142 to allow forwarding of 22 to srs2
---
 hosts/proxy/default.nix | 50 +++++++++++++++++++++++++++--------------
 1 file changed, 33 insertions(+), 17 deletions(-)
diff --git a/hosts/proxy/default.nix b/hosts/proxy/default.nix
index cfe1886..df7eded 100644
--- a/hosts/proxy/default.nix
+++ b/hosts/proxy/default.nix
@@ -9,19 +9,31 @@
 ./hardware-configuration.nix
 ];
- networking.hostName = "proxy";
- networking.interfaces.ens18.ipv4.addresses = [
- {
- address = "141.56.51.1";
- prefixLength = 24;
- }
- ];
+ networking = {
+ hostName = "proxy";
+ interfaces.ens18.ipv4.addresses = [
+ {
+ address = "141.56.51.1";
+ prefixLength = 24;
+ }
+ ];
+ defaultGateway.address = "141.56.51.254";
+ nameservers = [
+ "9.9.9.9"
+ "1.1.1.1"
+ ];
+ firewall = {
+ allowedTCPPorts = [
+ 80
+ 443
+ 2142
+ ];
+ };
+ nftables = {
+ enable = true;
+ };
+ };
- networking.defaultGateway.address = "141.56.51.254";
- networking.nameservers = [
- "9.9.9.9"
- "1.1.1.1"
- ];
 security.acme = {
 certs."stura.htw-dresden.de" = {
 listenHTTP = ":8888";
@@ -46,7 +58,15 @@ systemd.services.haproxy = { };
 services = {
- openssh.enable = true;
+ openssh = {
+ enable = true;
+ listenAddresses = [
+ {
+ addr = "141.56.51.1";
+ port = 2142;
+ }
+ ];
+ };
 haproxy = {
 enable = true;
 config = ''
@@ -156,10 +176,6 @@ services = {
 };
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
 environment.systemPackages = with pkgs; [
 openvpn
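Review bot: `nftables.enable = true;` at the end of the new `networking` block (first hunk) switches the firewall backend, which the subject line does not mention and which is a larger change than opening one port. As far as I know the nftables-based NixOS firewall does not accept iptables-style `networking.firewall.extraCommands`, so any such rules in modules outside this hunk should be checked before deployment. I would add a comment above it such as `# nftables backend; iptables-style extraCommands are not supported`. Since 2142 is now open to every source, I would also label it in the list: `2142 # sshd (management), see services.openssh.listenAddresses`.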
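Review bot: In the `openssh` hunk, `listenAddresses` moves sshd to 141.56.51.1:2142 but leaves `services.openssh.ports` and `openFirewall` at their defaults, so (if I read the NixOS module correctly) TCP 22 stays open in the firewall implicitly through the SSH module rather than through the `allowedTCPPorts` list in the first hunk. If 22 must be reachable for the forward to srs2, make that explicit by setting `openFirewall = false;` here and adding `22 # forwarded to srs2` to `allowedTCPPorts`, so every open port is declared in one place. The hunk also shows no authentication settings; because this daemon listens on what appears to be a routable address, confirm that `settings.PasswordAuthentication = false;` and a restrictive `settings.PermitRootLogin` are set in a shared module, since a non-standard port only reduces scan noise. The `services` block continues outside the hunk.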