Bun/nixos-config
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move the mailserver to Oracle, give up

Browse source
This commit is contained in:
Jimbo 2024-10-22 08:02:35 -04:00
parent 951fee17e1
commit 7f0e1801d7
3 changed files with 7 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

7
modules/system/devices/networking/firewall/server/default.nix
View file

@ -4,15 +4,12 @@
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
# Configure firewall
networking = let
mailPorts = "{ 25, 143, 465, 587, 993, 4190 }";
in {
networking = {
firewall = {
allowPing = false;
extraInputRules = ''
ip saddr { ${config.ips.localSpan}.0/24, ${config.ips.wgSpan}.0/24 } tcp dport 2049 accept comment "Accept NFS"
ip saddr { ${config.ips.pc}, ${config.secrets.lunaIP}, ${config.secrets.cornIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
ip saddr ${config.ips.wgSpan}.19 tcp dport ${mailPorts} accept comment "Accept mail"
'';
};
@ -44,8 +41,6 @@
chain POSTROUTING {
type nat hook postrouting priority 100; policy accept;
oifname "${config.ips.netInt}" masquerade
iifname "${config.ips.netInt}" oifname "${config.ips.wgInt}" masquerade comment "Traffic from public to WireGuard"
tcp dport ${mailPorts} oifname != "${config.ips.wgInt}" drop comment "Send mail"
}
'';
};