firewall?

soraefir
2026-05-08 02:20:28 +02:00
parent 4c1f9f0e78
commit 8fedaf18cd
2 changed files with 1 additions and 6 deletions


@@ -13,6 +13,7 @@
allowedTCPPorts = allowedTCPPorts =
(if (config.syscfg.server != false && config.syscfg.server.web) then [ 80 443 22 ] else [ ]) ++ (if (config.syscfg.server != false && config.syscfg.server.web) then [ 80 443 22 ] else [ ]) ++
(if (config.syscfg.server != false) then [ 5432 6379 ] else [ ]) ++
[ ]; [ ];
}; };
}; };
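Review bot: The added `(if (config.syscfg.server != false) then [ 5432 6379 ] else [ ]) ++` entry opens both ports in the global `allowedTCPPorts` list for every server profile, so whatever listens there (conventionally PostgreSQL and Redis) becomes reachable on all interfaces rather than only from local, container or tunnel peers. If the consumers are local or come in over a specific interface, scope the rule to it, e.g. `networking.firewall.interfaces."<iface>".allowedTCPPorts = [ 5432 6379 ];` (interface name is a placeholder), or keep the ports closed and bind the services to loopback. If global exposure is intended, record that on the line with a comment such as `# 5432/6379 intentionally reachable on all interfaces; services must enforce authentication`. The enclosing attribute set starts outside the hunk, so this assumes it is the NixOS `networking.firewall` block.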


@@ -28,12 +28,6 @@ in{
${if cfg.wireguard then ''tcp dport {1515} accept'' else ""} ${if cfg.wireguard then ''tcp dport {1515} accept'' else ""}
${if cfg.wireguard then ''udp dport {1515} accept'' else ""} ${if cfg.wireguard then ''udp dport {1515} accept'' else ""}
} }
chain forward {
type filter hook forward priority filter; policy drop;
ct state established,related accept
iifname { "podman*", "veth*" } accept
oifname { "podman*", "veth*" } accept
}
} }
${if cfg.nftables.enable then '' ${if cfg.nftables.enable then ''
table inet nat { table inet nat {