From f7d70845e8fc0d59fc4645b2667c3bf0ed8e9a29 Mon Sep 17 00:00:00 2001
From: Nickiel12
Date: Thu, 11 Jan 2024 18:19:01 -0800
Subject: [PATCH] moved firewall to dedicated file

---
 hosts/Alaska/default.nix | 5 +----
 hosts/Alaska/modules/firewall.nix | 17 +++++++++++++++++
 hosts/Alaska/modules/forgejo.nix | 4 ++++
 3 files changed, 22 insertions(+), 4 deletions(-)
 create mode 100644 hosts/Alaska/modules/firewall.nix

diff --git a/hosts/Alaska/default.nix b/hosts/Alaska/default.nix
index e33c162..602173a 100644
--- a/hosts/Alaska/default.nix
+++ b/hosts/Alaska/default.nix
@@ -9,6 +9,7 @@
 ./configuration.nix
 ./hardware-configuration.nix
 ./modules/dnsmasq.nix
+ ./modules/firewall.nix
 ./modules/forgejo.nix
 ./modules/headscale.nix
 ./modules/msmtp.nix
@@ -74,10 +75,6 @@
 # Lazy IPv6 connectivity for the container
 enableIPv6 = true;
 };
- firewall = {
- enable = true;
- allowedTCPPorts = [80 443 3001 5432]; # port 3001 opened to allow git traffic on the local netword
- };
 };
 services.jellyfin = {
diff --git a/hosts/Alaska/modules/firewall.nix b/hosts/Alaska/modules/firewall.nix
new file mode 100644
index 0000000..c0edb27
--- /dev/null
+++ b/hosts/Alaska/modules/firewall.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ...}:
+
+let
+in
+{
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [80 443 5432];
+
+ extraCommands = with pkgs.lib; ''
+ # ${pkgs.nftables}/bin/nft -f - <