foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-01-31 16:57:55 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

hosts/ni: enable nftables-based firewall

Browse Source
This commit is contained in:
Gabriel Arazas 2023-01-18 11:10:31 +08:00
parent 55547bddc7
commit 6ae080c68d
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
hosts/ni/default.nix
View File

@ -177,8 +177,25 @@ in
]; ];
}; };
# We'll go with a software firewall. We're mostly configuring it as if we're
# using a server even though the chances of that is pretty slim.
networking = {
nftables.enable = true;
firewall = {
enable = true;
allowedUDPPorts = [ wireguardPort ];
allowedTCPPorts = [
22 # Secure Shells.
80 # HTTP servers.
433 # HTTPS servers.
];
};
};
system.stateVersion = "22.11"; # Yes! I read the comment! system.stateVersion = "22.11"; # Yes! I read the comment!
# Trying to be very portable with LDAP.
users.ldap = { users.ldap = {
enable = true; enable = true;
base = "dc=foodogsquared,dc=one"; base = "dc=foodogsquared,dc=one";