-rw-r--r--sys/auth/openssh.nix10
1 files changed, 7 insertions, 3 deletions
diff --git a/sys/auth/openssh.nix b/sys/auth/openssh.nix
index 0569f17..7ae9079 100644
--- a/sys/auth/openssh.nix
+++ b/sys/auth/openssh.nix
@@ -34,6 +34,7 @@ in
interface = mkOption {
type = nullOr str;
+ default = null;
};
vsockCid = mkOption {
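Review bot: The `interface` option gains `default = null` but still has no `description`, so nothing tells a user what leaving it unset means for exposure. Together with the later hunk's `allowedTCPPorts = optional (restrict == null || restrict.interface == null) port;`, an unset interface opens the SSH port in the firewall on every interface, even when `restrict` is otherwise set; judging by the `ports` line, this appears to hold even when `restrict.addresses` is empty and no TCP port is configured. I would add `description = "Interface to open the SSH port on; null opens it on all interfaces.";` here, and consider gating the global rule on the same condition as `services.openssh.ports`. The option set continues outside this hunk.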
@@ -87,15 +88,18 @@ in
local.boot.impermanence.files =
flatten (map (key: [ key.path "${key.path}.pub" ]) config.services.openssh.hostKeys);
- networking.firewall.interfaces = optionalAttrs (restrict != null && restrict.interface != null) {
- ${restrict.interface}.allowedTCPPorts = [ port ];
+ networking.firewall = {
+ interfaces = optionalAttrs (restrict != null && restrict.interface != null) {
+ ${restrict.interface}.allowedTCPPorts = [ port ];
+ };
+
+ allowedTCPPorts = optional (restrict == null || restrict.interface == null) port;
};
services.openssh = {
enable = true;
ports = optional (restrict != null -> restrict.addresses != [ ]) port;
- openFirewall = restrict == null;
startWhenNeeded = !config.services.fail2ban.enable;
extraConfig = optionalString cfg.tunnel.enable ''