authorFranck Cuny <franck@fcuny.net>2024-10-27 10:46:20 -0700
committerFranck Cuny <franck@fcuny.net>2024-10-27 10:46:20 -0700
commitd3a51a7a8e7beea94dd92bdc6ca7a17e6301d93f (patch)
treea2289775e98a01fa2f74a7154242007b903e28ec
parentthis may simplify things ? (diff)
downloadworld-d3a51a7a8e7beea94dd92bdc6ca7a17e6301d93f.tar.gz
move firewall configuration to the network module
-rw-r--r--nix/hosts/wildcat/configuration.nix8
-rw-r--r--nix/hosts/wildcat/default.nix10
-rw-r--r--nix/hosts/wildcat/networking.nix39
3 files changed, 32 insertions, 25 deletions
diff --git a/nix/hosts/wildcat/configuration.nix b/nix/hosts/wildcat/configuration.nix
index d7ab350..7143ad8 100644
--- a/nix/hosts/wildcat/configuration.nix
+++ b/nix/hosts/wildcat/configuration.nix
@@ -1,12 +1,4 @@
 { lib, pkgs, ... }: {
-  networking = {
-    firewall.allowedTCPPorts = [
-      # nginx
-      80
-      443
-    ];
-  };
-
   security.acme = {
     defaults.email = "acme@fcuny.net";
     acceptTerms = true;
diff --git a/nix/hosts/wildcat/default.nix b/nix/hosts/wildcat/default.nix
index fcaad82..7bde471 100644
--- a/nix/hosts/wildcat/default.nix
+++ b/nix/hosts/wildcat/default.nix
@@ -1,18 +1,18 @@
 { ... }: {
 
-  imports = [
-    ./hardware.nix
-    ./networking.nix
-    ./configuration.nix
-  ];
+  imports = [ ./hardware.nix ./networking.nix ./configuration.nix ];
 
   boot.tmp.cleanOnBoot = true;
   zramSwap.enable = true;
+
   networking.hostName = "fcuny";
   networking.domain = "net";
+
   services.openssh.enable = true;
+
   users.users.root.openssh.authorizedKeys.keys = [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
   ];
+
   system.stateVersion = "23.11";
 }
diff --git a/nix/hosts/wildcat/networking.nix b/nix/hosts/wildcat/networking.nix
index 1199113..c0b4bd0 100644
--- a/nix/hosts/wildcat/networking.nix
+++ b/nix/hosts/wildcat/networking.nix
@@ -2,11 +2,8 @@
   # This file was populated at runtime with the networking
   # details gathered from the active system.
   networking = {
-    nameservers = [
-      "2a01:4ff:ff00::add:2"
-      "2a01:4ff:ff00::add:1"
-      "185.12.64.1"
-    ];
+    nameservers =
+      [ "2a01:4ff:ff00::add:2" "2a01:4ff:ff00::add:1" "185.12.64.1" ];
     defaultGateway = "172.31.1.1";
     defaultGateway6 = {
       address = "fe80::1";
@@ -16,18 +13,36 @@
     usePredictableInterfaceNames = lib.mkForce false;
     interfaces = {
       eth0 = {
-        ipv4.addresses = [
-          { address = "5.78.87.68"; prefixLength = 32; }
-        ];
+        ipv4.addresses = [{
+          address = "5.78.87.68";
+          prefixLength = 32;
+        }];
         ipv6.addresses = [
-          { address = "2a01:4ff:1f0:d1a3::1"; prefixLength = 64; }
-          { address = "fe80::9400:3ff:fe98:d6dc"; prefixLength = 64; }
+          {
+            address = "2a01:4ff:1f0:d1a3::1";
+            prefixLength = 64;
+          }
+          {
+            address = "fe80::9400:3ff:fe98:d6dc";
+            prefixLength = 64;
+          }
         ];
-        ipv4.routes = [{ address = "172.31.1.1"; prefixLength = 32; }];
-        ipv6.routes = [{ address = "fe80::1"; prefixLength = 128; }];
+        ipv4.routes = [{
+          address = "172.31.1.1";
+          prefixLength = 32;
+        }];
+        ipv6.routes = [{
+          address = "fe80::1";
+          prefixLength = 128;
+        }];
       };
 
     };
+    firewall.allowedTCPPorts = [
+      22 # ssh
+      80 # nginx
+      443 # nginx
+    ];
   };
   services.udev.extraRules = ''
     ATTR{address}=="96:00:03:98:d6:dc", NAME="eth0"
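Review bot: The `22 # ssh` entry added to `firewall.allowedTCPPorts` duplicates what `services.openssh.enable = true` in default.nix already does, since the NixOS openssh module opens its listening port in the firewall by default (`services.openssh.openFirewall`), and the hard-coded 22 will silently drift if `services.openssh.ports` is ever changed. Dropping that line, or replacing it with `# 22 is opened by services.openssh.openFirewall`, keeps a single source of truth for what SSH exposure the host has. Separately, the header comment at the top of this file says it was populated at runtime from the active system, so hand-maintained firewall rules placed here risk being lost if the file is regenerated; a comment marking the firewall block as maintained by hand, or keeping it in configuration.nix, would avoid that. The enclosing `networking = { ... }` attribute set opens in the previous hunk.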