sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

Update

Browse Source
This commit is contained in:
soraefir
2026-05-08 00:06:21 +02:00
parent 8092bac6b7
commit e8c9fc52fb
7 changed files with 148 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
modules/server/nftables/default.nix
View File

@@ -1,5 +1,3 @@
{ config, lib, ... }:{
config = lib.mkIf (config.syscfg.server.nftables.enable) {
boot.kernel.sysctl = {
@@ -11,8 +9,12 @@
networking.nftables.ruleset = ''
table inet filter {
chain input {
type filter hook input priority filter; policy accept;
type filter hook input priority filter; policy drop;
ct state established,related accept
iifname "lo" accept
tcp dport {5432, 6379} ip saddr { 10.0.0.0/8 169.254.0.0/16 } accept
tcp dport {80, 443, 22} accept
udp dport {80, 443, 22} accept
}
}