author | Franck Cuny <franck@fcuny.net> | 2024-10-27 10:46:20 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2024-10-27 10:46:20 -0700 |
commit | d3a51a7a8e7beea94dd92bdc6ca7a17e6301d93f (patch) | |
tree | a2289775e98a01fa2f74a7154242007b903e28ec /nix/hosts/wildcat/networking.nix | |
parent | this may simplify things ? (diff) | |
move firewall configuration to the network module
Diffstat (limited to 'nix/hosts/wildcat/networking.nix')
-rw-r--r-- | nix/hosts/wildcat/networking.nix | 39 |
1 files changed, 27 insertions, 12 deletions
diff --git a/nix/hosts/wildcat/networking.nix b/nix/hosts/wildcat/networking.nix
index 1199113..c0b4bd0 100644
--- a/nix/hosts/wildcat/networking.nix
+++ b/nix/hosts/wildcat/networking.nix
@@ -2,11 +2,8 @@
 # This file was populated at runtime with the networking
 # details gathered from the active system.
 networking = {
- nameservers = [
- "2a01:4ff:ff00::add:2"
- "2a01:4ff:ff00::add:1"
- "185.12.64.1"
- ];
+ nameservers =
+ [ "2a01:4ff:ff00::add:2" "2a01:4ff:ff00::add:1" "185.12.64.1" ];
 defaultGateway = "172.31.1.1";
 defaultGateway6 = {
 address = "fe80::1";
@@ -16,18 +13,36 @@
 usePredictableInterfaceNames = lib.mkForce false;
 interfaces = {
 eth0 = {
- ipv4.addresses = [
- { address = "5.78.87.68"; prefixLength = 32; }
- ];
+ ipv4.addresses = [{
+ address = "5.78.87.68";
+ prefixLength = 32;
+ }];
 ipv6.addresses = [
- { address = "2a01:4ff:1f0:d1a3::1"; prefixLength = 64; }
- { address = "fe80::9400:3ff:fe98:d6dc"; prefixLength = 64; }
+ {
+ address = "2a01:4ff:1f0:d1a3::1";
+ prefixLength = 64;
+ }
+ {
+ address = "fe80::9400:3ff:fe98:d6dc";
+ prefixLength = 64;
+ }
 ];
- ipv4.routes = [{ address = "172.31.1.1"; prefixLength = 32; }];
- ipv6.routes = [{ address = "fe80::1"; prefixLength = 128; }];
+ ipv4.routes = [{
+ address = "172.31.1.1";
+ prefixLength = 32;
+ }];
+ ipv6.routes = [{
+ address = "fe80::1";
+ prefixLength = 128;
+ }];
 };
 };
+ firewall.allowedTCPPorts = [
+ 22 # ssh
+ 80 # nginx
+ 443 # nginx
+ ];
 };
 services.udev.extraRules = ''
 ATTR{address}=="96:00:03:98:d6:dc", NAME="eth0" |
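Review bot: The `firewall.allowedTCPPorts` list added at the end of the `networking` block in the second hunk opens 22, 80 and 443 on every interface and to every source address, and it does so whether or not sshd or nginx is actually enabled on this host. On NixOS `services.openssh.openFirewall` defaults to true, so the `22 # ssh` entry is probably redundant while openssh is enabled, and keeping it here leaves the port open if the service is later removed. If SSH is only meant to be reachable over a management or VPN interface (not visible from this hunk), scope it with `networking.firewall.interfaces.<name>.allowedTCPPorts = [ 22 ];` instead of the global list. The file's header comment still says it was populated at runtime from the active system; a line such as `# firewall rules below are maintained by hand` would keep a later regeneration from silently dropping them.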