jalr/nixos-configuration
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Improve firewalling

Browse source
This commit is contained in:
Jakob Lechner 2024-05-04 14:50:59 +00:00
parent b395cde724
commit 0042b62652
4 changed files with 32 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

20
hosts/aluminium/services/dnsmasq.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }: { lib, pkgs, ... }:
let let
stateDir = "/var/lib/dnsmasq"; stateDir = "/var/lib/dnsmasq";
@ -42,8 +42,18 @@ in
}; };
}; };
networking.firewall = { networking.firewall.interfaces = lib.attrsets.genAttrs [
allowedUDPPorts = [ 53 67 ]; "heizung"
allowedTCPPorts = [ 53 ]; "iot"
}; "lechner"
"pv"
"sprechanlage"
"voice"
]
(
interface: {
allowedUDPPorts = [ 53 67 ];
allowedTCPPorts = [ 53 ];
}
);
} }

5
hosts/aluminium/services/unifi-controller.nix
View file

@ -6,8 +6,9 @@ in
{ {
services.unifi = { services.unifi = {
enable = true; enable = true;
openFirewall = true;
unifiPackage = pkgs.unifi; unifiPackage = pkgs.unifi;
}; };
networking.firewall.allowedTCPPorts = [ ports.unifi.tcp ]; networking.firewall.interfaces.lechner.allowedTCPPorts = [
ports.unifi.tcp
];
} }

16
hosts/iron/services/dnsmasq.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }: { lib, pkgs, ... }:
let let
stateDir = "/var/lib/dnsmasq"; stateDir = "/var/lib/dnsmasq";
@ -37,8 +37,14 @@ in
}; };
}; };
networking.firewall = { networking.firewall.interfaces = lib.attrsets.genAttrs [
allowedUDPPorts = [ 53 67 ]; "enp2s4"
allowedTCPPorts = [ 53 ]; "iot"
}; ]
(
interface: {
allowedUDPPorts = [ 53 67 ];
allowedTCPPorts = [ 53 ];
}
);
} }

5
hosts/iron/services/unifi-controller.nix
View file

@ -6,8 +6,9 @@ in
{ {
services.unifi = { services.unifi = {
enable = true; enable = true;
openFirewall = true;
unifiPackage = pkgs.unifi; unifiPackage = pkgs.unifi;
}; };
networking.firewall.allowedTCPPorts = [ ports.unifi.tcp ]; networking.firewall.interfaces.enp2s4.allowedTCPPorts = [
ports.unifi.tcp
];
} }