From 41b88911bce855c9e25c52847391ef0283a06bd6 Mon Sep 17 00:00:00 2001
From: Bun
Date: Wed, 16 Apr 2025 17:53:38 -0400
Subject: [PATCH] Update IPs on firewall services
---
 modules/system/services/general/ssh/fail2ban/default.nix | 2 +-
 modules/system/services/server/nfs/default.nix | 2 +-
 modules/system/services/server/nginx/rtmp/default.nix | 2 +-
 modules/system/services/server/owncast/default.nix | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/modules/system/services/general/ssh/fail2ban/default.nix b/modules/system/services/general/ssh/fail2ban/default.nix
index abe98df5..15f4349d 100644
--- a/modules/system/services/general/ssh/fail2ban/default.nix
+++ b/modules/system/services/general/ssh/fail2ban/default.nix
@@ -4,7 +4,7 @@
 enable = true;
 maxretry = 5;
 bantime = "10m";
- ignoreIP = [ "10.0.0.0/8" ];
+ ignoreIP = [ "11.0.0.0/8" ];
 };
 environment.persistence."/persist".directories = [ "/var/lib/fail2ban" ];
diff --git a/modules/system/services/server/nfs/default.nix b/modules/system/services/server/nfs/default.nix
index 73012608..eab19619 100644
--- a/modules/system/services/server/nfs/default.nix
+++ b/modules/system/services/server/nfs/default.nix
@@ -4,6 +4,6 @@
 config = lib.mkIf config.services.nfs.server.enable {
 services.nfs.server.exports = "/storage *(rw,sync,no_subtree_check)";
- networking.firewall.extraInputRules = "ip saddr 10.0.0.0/8 tcp dport 2049 accept";
+ networking.firewall.extraInputRules = "ip saddr 11.0.0.0/8 tcp dport 2049 accept";
 };
 }
diff --git a/modules/system/services/server/nginx/rtmp/default.nix b/modules/system/services/server/nginx/rtmp/default.nix
index e91f804f..4a619e05 100644
--- a/modules/system/services/server/nginx/rtmp/default.nix
+++ b/modules/system/services/server/nginx/rtmp/default.nix
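Review bot: `11.0.0.0/8` is not an RFC 1918 private range (the private block is `10.0.0.0/8`), so the new `ignoreIP = [ "11.0.0.0/8" ];` exempts publicly allocated source addresses from fail2ban's SSH bans. The same substitution is made in the nfs, nginx/rtmp and owncast hunks, where it admits that range to TCP 2049, 1935 and 1945. Whether the LAN is deliberately numbered out of 11/8 cannot be told from the diff; if it is, a comment such as `# LAN is numbered from 11.0.0.0/8 (not RFC 1918); rules must stay scoped to the internal interface` would record that, and an `iifname` match on the LAN interface in each `extraInputRules` line would keep the rules from applying to traffic arriving on a public interface. If it is not, these four lines should stay `10.0.0.0/8`. The enclosing attribute set starts and ends outside the hunk.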
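Review bot: The export on the context line above the change is `/storage *(rw,sync,no_subtree_check)`, so the `extraInputRules` source filter edited here is the only control on who can mount `/storage` read-write, and it now names a block outside RFC 1918. Restricting the export itself to the intended network adds a check that does not depend on the firewall rule being right, e.g. `services.nfs.server.exports = "/storage <lan-cidr>(rw,sync,no_subtree_check)";`, where `<lan-cidr>` is a placeholder for the real subnet.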
@@ -23,7 +23,7 @@
 }
 '';
 };
- networking.firewall.extraInputRules = "ip saddr { 10.0.0.0/8, ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport 1935 accept";
+ networking.firewall.extraInputRules = "ip saddr { 11.0.0.0/8, ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport 1935 accept";
 systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ];
 };
 }
diff --git a/modules/system/services/server/owncast/default.nix b/modules/system/services/server/owncast/default.nix
index 35b630b4..b98f402c 100644
--- a/modules/system/services/server/owncast/default.nix
+++ b/modules/system/services/server/owncast/default.nix
@@ -7,7 +7,7 @@
 port = 8060;
 rtmp-port = 1945;
 };
- networking.firewall.extraInputRules = "ip saddr 10.0.0.0/8 tcp dport 1945 accept";
+ networking.firewall.extraInputRules = "ip saddr 11.0.0.0/8 tcp dport 1945 accept";
 environment.persistence."/persist".directories = [ "/var/lib/owncast" ];
 };
 }