Fix some firewall rules

This commit is contained in:
Bun 2025-03-18 06:09:07 -04:00
parent 7e40fd4fb3
commit d3a7fe8158
6 changed files with 26 additions and 17 deletions


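--- a/PATH-NOT-SHOWN-1
+++ b/PATH-NOT-SHOWN-1
@@ -15,6 +15,7 @@
 family = "inet";
 content = ''
 chain input {
+type filter hook input priority filter; policy drop;
 ip saddr 10.0.0.0/8 tcp dport 2049 accept comment "Accept NFS"
 }
 '';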
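Review bot: The added `type filter hook input priority filter; policy drop;` turns `chain input` into a base chain whose default verdict is drop, yet the only accept rule visible is the NFS one, so every other packet arriving at this host's input hook — loopback, return traffic of established connections, and any port opened through `networking.firewall` as at L91-93 — is dropped unless rules outside the hunk accept them; in nftables an accept in another table's chain does not rescue a packet from a drop in this one, so the NixOS firewall cannot compensate. The same line is added to the two RTMP chains at L66 and L77. If this table is only meant to allow-list a service on top of the NixOS firewall, the rule belongs in `networking.firewall.extraInputRules` (where it runs before the built-in drop) and this chain can use `policy accept;`; if it really is the host's filter, accept `iifname lo accept` and `ct state established,related accept` before the NFS rule. The enclosing table definition starts and ends outside the hunk.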


@ -1,9 +1,11 @@
{ config, ... }: { config, lib, ... }:
{ {
imports = [ ./nginx ]; imports = [ ./nginx ];
services.go-autoconfig = { config = lib.mkIf config.services.mailserver.enable {
enable = config.services.mailserver.enable; services = {
go-autoconfig = {
enable = true;
settings = { settings = {
service_addr = ":1323"; service_addr = ":1323";
domain = "autoconfig.nixfox.ca"; domain = "autoconfig.nixfox.ca";
@ -17,4 +19,7 @@
}; };
}; };
}; };
cloudflare-dyndns.domains = [ config.services.go-autoconfig.settings.domain ];
};
};
} }
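Review bot: The new guard `config = lib.mkIf config.services.mailserver.enable {` at L26 reads the mailserver's enable flag under `services.*`, while the mailserver hunk later on this page reads that module's options at the top level (`config.mailserver.redis.port`, `config.mailserver.fqdn`, L54-L55); unless this repository itself declares a `services.mailserver` option, evaluation fails on the missing attribute, and since the guard now wraps the whole `config` the failure takes the autoconfig service and the new `cloudflare-dyndns.domains` entry with it. The old code used the same path, so this is worth confirming rather than assuming; if the option is `mailserver.enable`, the line becomes `config = lib.mkIf config.mailserver.enable {`. Referencing `config.services.go-autoconfig.settings.domain` from inside the same `mkIf` is fine, as the module system merges the guarded value lazily. The attribute set opened in the first hunk closes in the second.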


@ -28,6 +28,7 @@
"jimbo@bloxelcom.net" "jimbo@bloxelcom.net"
"bun@nixfox.ca" "bun@nixfox.ca"
#"vice@nixfox.ca"
"bun@bloxelcom.net" "bun@bloxelcom.net"
"yara@nixfox.ca" "yara@nixfox.ca"
@ -61,8 +62,10 @@
}; };
}; };
# Rspamd port from earlier to avoid overlap services = {
services.redis.servers.rspamd.port = config.mailserver.redis.port; redis.servers.rspamd.port = config.mailserver.redis.port;
cloudflare-dyndns.domains = [ config.mailserver.fqdn ];
};
environment.persistence."/persist".directories = [ environment.persistence."/persist".directories = [
"/var/vmail" "/var/vmail"
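Review bot: The why-comment `# Rspamd port from earlier to avoid overlap` on the old side of L53 is dropped by the rewrite, so the new `services = {` block no longer says why rspamd's Redis port is pinned to `config.mailserver.redis.port`; keep it above the `redis.servers.rspamd.port` line, e.g. `# Reuse the mailserver's Redis port for rspamd so the two instances do not overlap`. In the first hunk `"vice@nixfox.ca"` is disabled by commenting it out rather than removed, and the list it belongs to starts outside the hunk, so a short note on that line saying whether mail to the address should now be rejected or handled elsewhere would save the next reader a guess. Both hunks' enclosing attribute sets start outside the hunk.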


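--- a/PATH-NOT-SHOWN-4
+++ b/PATH-NOT-SHOWN-4
@@ -29,6 +29,7 @@
 family = "inet";
 content = ''
 chain input {
+type filter hook input priority 0; policy drop;
 ip saddr { 10.0.0.0/8, ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport 1935 accept comment "Accept RTMP"
 }
 '';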
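Review bot: This chain is declared with `priority 0` while the two sibling chains added in the same commit (L15, L77) use the symbolic `priority filter`; the two are equivalent for the inet family, so this is a matter of style, but one spelling across the repository makes the ordering relative to the NixOS firewall's own chain easier to audit at a glance: `type filter hook input priority filter; policy drop;`. The table definition starts and ends outside the hunk.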


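--- a/PATH-NOT-SHOWN-5
+++ b/PATH-NOT-SHOWN-5
@@ -11,6 +11,7 @@
 family = "inet";
 content = ''
 chain input {
+type filter hook input priority filter; policy drop;
 ip saddr 10.0.0.0/8 tcp dport 1945 accept comment "Accept RTMP"
 }
 '';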
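Review bot: Now that the added hook line makes this chain live, its single rule carries the whole policy, and that rule accepts `tcp dport 1945` under the comment "Accept RTMP" while the other RTMP rule in this commit (L67) uses 1935, the port RTMP normally listens on; if 1945 is a deliberate alternate ingest port the comment should say so, e.g. `comment "Accept RTMP (alternate ingest port 1945)"`, and if it is a typo the chain admits nothing the stream source sends and drops the rest. The table definition starts and ends outside the hunk.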


@ -27,11 +27,9 @@
turn_user_lifetime = "1h"; turn_user_lifetime = "1h";
}; };
# Sync the IP to Cloudflare
cloudflare-dyndns.domains = [ config.services.coturn.realm ]; cloudflare-dyndns.domains = [ config.services.coturn.realm ];
}; };
# Open coturn ports
networking.firewall = { networking.firewall = {
allowedUDPPorts = [ allowedUDPPorts = [
3478 3478