Bun/nixos-config
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix firewall and add back leash while I figure out why disko is failing

Browse source
This commit is contained in:
Jimbo 2024-11-06 22:39:23 -05:00
parent 89e2715162
commit 9299782075
11 changed files with 203 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

13
modules/system/devices/networking/firewall/default.nix
View file

@ -14,11 +14,14 @@
networking = {
firewall = {
allowPing = false;
extraInputRules = lib.mkIf (!config.system.firewall.server.enable) ''
ip saddr { ${config.ips.server}, ${config.ips.wgSpan}.1 } accept comment "Accept Server"
'' // lib.mkIf config.system.firewall.server.enable ''
ip saddr { ${config.ips.localSpan}.0/24, ${config.ips.wgSpan}.0/24 } tcp dport 2049 accept comment "Accept NFS"
ip saddr { ${config.ips.pc}, ${config.secrets.lunaIP}, ${config.secrets.cornIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
extraInputRules = ''
${lib.optionalString (!config.system.firewall.server.enable) ''
ip saddr { ${config.ips.server}, ${config.ips.wgSpan}.1 } accept comment "Accept Server"
''}
${lib.optionalString config.system.firewall.server.enable ''
ip saddr { ${config.ips.localSpan}.0/24, ${config.ips.wgSpan}.0/24 } tcp dport 2049 accept comment "Accept NFS"
ip saddr { ${config.ips.pc}, ${config.secrets.lunaIP}, ${config.secrets.cornIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
''}
'';
};