Bun/nixos-config
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update IPs on firewall services

Browse source
This commit is contained in:
Bun 2025-04-16 17:53:38 -04:00
parent 054a85411e
commit 41b88911bc
4 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/system/services/general/ssh/fail2ban/default.nix
View file

@ -4,7 +4,7 @@
enable = true; enable = true;
maxretry = 5; maxretry = 5;
bantime = "10m"; bantime = "10m";
ignoreIP = [ "10.0.0.0/8" ]; ignoreIP = [ "11.0.0.0/8" ];
}; };
environment.persistence."/persist".directories = [ "/var/lib/fail2ban" ]; environment.persistence."/persist".directories = [ "/var/lib/fail2ban" ];

2
modules/system/services/server/nfs/default.nix
View file

@ -4,6 +4,6 @@
config = lib.mkIf config.services.nfs.server.enable { config = lib.mkIf config.services.nfs.server.enable {
services.nfs.server.exports = "/storage *(rw,sync,no_subtree_check)"; services.nfs.server.exports = "/storage *(rw,sync,no_subtree_check)";
networking.firewall.extraInputRules = "ip saddr 10.0.0.0/8 tcp dport 2049 accept"; networking.firewall.extraInputRules = "ip saddr 11.0.0.0/8 tcp dport 2049 accept";
}; };
} }

2
modules/system/services/server/nginx/rtmp/default.nix
View file

@ -23,7 +23,7 @@
} }
''; '';
}; };
networking.firewall.extraInputRules = "ip saddr { 10.0.0.0/8, ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport 1935 accept"; networking.firewall.extraInputRules = "ip saddr { 11.0.0.0/8, ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport 1935 accept";
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ]; systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ];
}; };
} }

2
modules/system/services/server/owncast/default.nix
View file

@ -7,7 +7,7 @@
port = 8060; port = 8060;
rtmp-port = 1945; rtmp-port = 1945;
}; };
networking.firewall.extraInputRules = "ip saddr 10.0.0.0/8 tcp dport 1945 accept"; networking.firewall.extraInputRules = "ip saddr 11.0.0.0/8 tcp dport 1945 accept";
environment.persistence."/persist".directories = [ "/var/lib/owncast" ]; environment.persistence."/persist".directories = [ "/var/lib/owncast" ];
}; };
} }