forked from Bun/nixos-config
Make the firewall managed completely on the server
This commit is contained in:
Jimbo
parent
2260afc205
commit
5c1ec4d677
2 changed files with 168 additions and 203 deletions
|
|
@ -39,6 +39,10 @@ in
|
|||
inherit pkgs;
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
nur = import (builtins.fetchTarball
|
||||
"https://github.com/nix-community/NUR/archive/master.tar.gz") {
|
||||
inherit pkgs;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -102,12 +106,12 @@ in
|
|||
hardware.enableRedistributableFirmware = true;
|
||||
|
||||
# Enable the Nouveau drivers
|
||||
services.xserver.videoDrivers = [ "nouveau" ];
|
||||
#hardware.nvidia = {
|
||||
# modesetting.enable = true;
|
||||
# nvidiaSettings = false;
|
||||
# package = config.boot.kernelPackages.nvidiaPackages.beta;
|
||||
#};
|
||||
services.xserver.videoDrivers = [ "nvidia" ];
|
||||
hardware.nvidia = {
|
||||
modesetting.enable = true;
|
||||
nvidiaSettings = false;
|
||||
package = config.boot.kernelPackages.nvidiaPackages.beta;
|
||||
};
|
||||
|
||||
# Enable a permissioning system
|
||||
security = {
|
||||
|
|
@ -174,8 +178,6 @@ in
|
|||
enable = true;
|
||||
driSupport = true;
|
||||
driSupport32Bit = true;
|
||||
package = pkgs.unstable.mesa.drivers;
|
||||
package32 = pkgs.unstable.pkgsi686Linux.mesa.drivers;
|
||||
extraPackages = with pkgs; [
|
||||
vulkan-loader
|
||||
vulkan-validation-layers
|
||||
|
|
@ -201,20 +203,12 @@ in
|
|||
# Enable nftables over iptables
|
||||
nftables.enable = true;
|
||||
|
||||
# Enable firewall passthrough
|
||||
# Enable firewall
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
# Sunshine TCP
|
||||
47984 47989 48010
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
# Sunshine UDP
|
||||
47998 47999 48000
|
||||
|
||||
# Games
|
||||
27005 27015 7777
|
||||
];
|
||||
allowPing = false;
|
||||
extraInputRules = ''
|
||||
ip saddr 192.168.2.11 accept comment "Accept Server Connections"
|
||||
'';
|
||||
};
|
||||
|
||||
# Set hostnames
|
||||
|
|
@ -364,6 +358,7 @@ in
|
|||
# Enable SSH
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
openFirewall = false;
|
||||
settings = {
|
||||
LogLevel = "VERBOSE";
|
||||
PermitRootLogin = "no";
|
||||
|
|
@ -376,7 +371,8 @@ in
|
|||
# Block SSH connections after numerous attempts
|
||||
services.fail2ban = {
|
||||
enable = true;
|
||||
maxretry = 10;
|
||||
maxretry = 5;
|
||||
bantime = "5m";
|
||||
};
|
||||
|
||||
# Enable AppImages
|
||||
|
|
@ -385,6 +381,13 @@ in
|
|||
binfmt = true;
|
||||
};
|
||||
|
||||
# Enable Sunshine as a service
|
||||
services.sunshine = {
|
||||
enable = true;
|
||||
settings.port = 57989;
|
||||
autoStart = false;
|
||||
};
|
||||
|
||||
# Enable MPD
|
||||
services.mpd = {
|
||||
enable = true;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue