From d3a51a7a8e7beea94dd92bdc6ca7a17e6301d93f Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Sun, 27 Oct 2024 10:46:20 -0700
Subject: move firewall configuration to the network module
---
 nix/hosts/wildcat/configuration.nix | 8 --------
 nix/hosts/wildcat/default.nix | 10 +++++-----
 nix/hosts/wildcat/networking.nix | 39 +++++++++++++++++++++++++------------
 3 files changed, 32 insertions(+), 25 deletions(-)
(limited to 'nix')
diff --git a/nix/hosts/wildcat/configuration.nix b/nix/hosts/wildcat/configuration.nix
index d7ab350..7143ad8 100644
--- a/nix/hosts/wildcat/configuration.nix
+++ b/nix/hosts/wildcat/configuration.nix
@@ -1,12 +1,4 @@
 { lib, pkgs, ... }: {
- networking = {
- firewall.allowedTCPPorts = [
- # nginx
- 80
- 443
- ];
- };
-
 security.acme = {
 defaults.email = "acme@fcuny.net";
 acceptTerms = true;
diff --git a/nix/hosts/wildcat/default.nix b/nix/hosts/wildcat/default.nix
index fcaad82..7bde471 100644
--- a/nix/hosts/wildcat/default.nix
+++ b/nix/hosts/wildcat/default.nix
@@ -1,18 +1,18 @@ { ... }: { - imports = [ - ./hardware.nix - ./networking.nix - ./configuration.nix - ]; + imports = [ ./hardware.nix ./networking.nix ./configuration.nix ]; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; + networking.hostName = "fcuny"; networking.domain = "net"; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi" ]; + system.stateVersion = "23.11"; }
diff --git a/nix/hosts/wildcat/networking.nix b/nix/hosts/wildcat/networking.nix
index 1199113..c0b4bd0 100644
--- a/nix/hosts/wildcat/networking.nix
+++ b/nix/hosts/wildcat/networking.nix
@@ -2,11 +2,8 @@
 # This file was populated at runtime with the networking
 # details gathered from the active system.
 networking = {
- nameservers = [
- "2a01:4ff:ff00::add:2"
- "2a01:4ff:ff00::add:1"
- "185.12.64.1"
- ];
+ nameservers =
+ [ "2a01:4ff:ff00::add:2" "2a01:4ff:ff00::add:1" "185.12.64.1" ];
 defaultGateway = "172.31.1.1";
 defaultGateway6 = {
 address = "fe80::1";
@@ -16,18 +13,36 @@
 usePredictableInterfaceNames = lib.mkForce false;
 interfaces = {
 eth0 = {
- ipv4.addresses = [
- { address = "5.78.87.68"; prefixLength = 32; }
- ];
+ ipv4.addresses = [{
+ address = "5.78.87.68";
+ prefixLength = 32;
+ }];
 ipv6.addresses = [
- { address = "2a01:4ff:1f0:d1a3::1"; prefixLength = 64; }
- { address = "fe80::9400:3ff:fe98:d6dc"; prefixLength = 64; }
+ {
+ address = "2a01:4ff:1f0:d1a3::1";
+ prefixLength = 64;
+ }
+ {
+ address = "fe80::9400:3ff:fe98:d6dc";
+ prefixLength = 64;
+ }
 ];
- ipv4.routes = [{ address = "172.31.1.1"; prefixLength = 32; }];
- ipv6.routes = [{ address = "fe80::1"; prefixLength = 128; }];
+ ipv4.routes = [{
+ address = "172.31.1.1";
+ prefixLength = 32;
+ }];
+ ipv6.routes = [{
+ address = "fe80::1";
+ prefixLength = 128;
+ }];
 };
 };
+ firewall.allowedTCPPorts = [
+ 22 # ssh
+ 80 # nginx
+ 443 # nginx
+ ];
 };
 services.udev.extraRules = ''
 ATTR{address}=="96:00:03:98:d6:dc", NAME="eth0"
-- cgit 1.4.1
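Review bot: The new firewall list hard-codes `22 # ssh` even though `services.openssh.enable = true` (a context line of the default.nix hunk) already opens the SSH port through `services.openssh.openFirewall`, whose default is true and which follows `services.openssh.ports`; the literal 22 would stay open after any later change of the SSH port. Dropping it, `firewall.allowedTCPPorts = [ 80 443 ]; # nginx; sshd opens its own port via services.openssh.openFirewall`, keeps one source of truth, or, if the port must be listed here, it can be read from `config.services.openssh.ports` (which needs `config` in the module's argument set at the top of the file, outside this hunk). The header comment in the first hunk still says the file was populated at runtime from the active system, which no longer describes the hand-maintained firewall block; it is worth extending it with a sentence naming which attributes are maintained by hand so a regeneration does not silently drop them. The `networking = { … }` set that this hunk closes starts before it.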