sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

more fix

Browse Source
This commit is contained in:
soraefir
2026-05-08 01:34:17 +02:00
parent 9cf9937cb7
commit 4bc68eeeaf
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
modules/server/nftables/default.nix
View File

@@ -1,6 +1,12 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.syscfg.server; cfg = config.syscfg.server;
DBlistNames = config.syscfg.server.db;
DBcontainerNames = lib.mapAttrsToList
(name: cfg: name)
(lib.filterAttrs (name: cfg: cfg.db or false) config.syscfg.server.containers);
DBallApps = lib.unique (DBlistNames ++ DBcontainerNames);
in{ in{
boot.kernel.sysctl = { boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1; "net.ipv4.ip_forward" = 1;
@@ -15,7 +21,7 @@ in{
ct state established,related accept ct state established,related accept
iifname "lo" accept iifname "lo" accept
tcp dport {422, 22} accept tcp dport {422, 22} accept
${if builtins.length cfg.db > 0 then ''tcp dport {5432, 6379} ip saddr { 10.0.0.0/8, 169.254.0.0/16 } accept'' else ""} ${if builtins.length DBallApps > 0 then ''tcp dport {5432, 6379} ip saddr { 10.0.0.0/8, 169.254.0.0/16 } accept'' else ""}
${if cfg.web then ''tcp dport {80, 443} accept ${if cfg.web then ''tcp dport {80, 443} accept
udp dport {80, 443} accept'' else ""} udp dport {80, 443} accept'' else ""}
${if cfg.wireguard then ''tcp dport {1515} accept ${if cfg.wireguard then ''tcp dport {1515} accept

1
systems/sandbox/cfg.nix
View File

@@ -22,7 +22,6 @@
openssh = true; openssh = true;
web = true; web = true;
sops = true; sops = true;
db = [ "_" ];
hostDomain = "test.helcel.net"; hostDomain = "test.helcel.net";
shortName = "testcel"; shortName = "testcel";