sora/nixconfig
1
0
Fork 0
Code Issues 2 Pull Requests Actions Releases Activity

Fix ports firewall

Browse Source
This commit is contained in:
soraefir
2026-05-03 13:21:22 +02:00
parent 38350b91e1
commit c8cb980c15
3 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
modules/nixos/system/network/base/default.nix
View File

@@ -4,6 +4,15 @@
useDHCP = true; useDHCP = true;
nameservers = [ "1.1.1.1" "9.9.9.9" ]; nameservers = [ "1.1.1.1" "9.9.9.9" ];
firewall = { enable = true; }; firewall = {
enable = true;
allowedUDPPorts =
(if config.syscfg.server ? wireguard then [ 1515 ] else [ ]) ++
[ ];
allowedTCPPorts =
(if config.syscfg.server ? web then [ 80 443 22 ] else [ ]) ++
[ ];
};
}; };
} }

4
modules/shared/syscfg/default.nix
View File

@@ -118,6 +118,10 @@ let
type = type.bool; type = type.bool;
default = false; default = false;
}; };
web = mkOption {
type = type.bool;
default = false;
};
nftables = { nftables = {
enable = mkOption { enable = mkOption {
type = type.bool; type = type.bool;

1
systems/gateway/cfg.nix
View File

@@ -29,6 +29,7 @@
server = { server = {
openssh = true; openssh = true;
wireguard = true; wireguard = true;
web = true;
nftables = { nftables = {
enable = true; enable = true;
ifs = ["ens3" "wg0" ]; ifs = ["ens3" "wg0" ];