authorMark Nipper <nipsy@bitgnome.net>2024-06-19 16:01:35 -0700
committerMark Nipper <nipsy@bitgnome.net>2024-06-19 16:01:35 -0700
commita8a783ae9c57906a88c2ad7945476989e5ae2730 (patch)
treeb4981691e1f03d7bad99215574eb0cdd6a4d039b
parentbf56980cf0a2307b3814c86a08a54e2be6dd3d56 (diff)
Adjust firewall rules
Diffstat (limited to '')
-rw-r--r--hosts/common/optional/services/asterisk.nix4
-rw-r--r--hosts/darkstar/default.nix8
-rw-r--r--hosts/darkstar/services.nix23
3 files changed, 16 insertions, 19 deletions
diff --git a/hosts/common/optional/services/asterisk.nix b/hosts/common/optional/services/asterisk.nix
index 0ea66cd..d638a3c 100644
--- a/hosts/common/optional/services/asterisk.nix
+++ b/hosts/common/optional/services/asterisk.nix
@@ -1,5 +1,9 @@
{ config, lib, pkgs, ... }:
{
+ networking.firewall.interfaces.enp116s0.allowedUDPPorts = [
+ 5060 # sip
+ ];
+
services.asterisk = {
confFiles = {
"cdr.conf" = ''
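Review bot: The added `networking.firewall.interfaces.enp116s0.allowedUDPPorts` hard-codes one machine's interface name in a module under `hosts/common/optional`. On any other host that imports this file, the rule names an interface that may not exist there, so 5060/udp would stay closed without any evaluation error. Either keep the port opening in the host's own configuration, as this commit does for NTP in `hosts/darkstar/services.nix`, or at least mark the assumption with a comment such as `# enp116s0 is darkstar-specific; hosts importing this module must open 5060/udp on their own interface`. Only SIP signalling is opened here, and the hunk does not show whether the RTP media range is allowed elsewhere, so that is worth confirming. The module's attribute set continues past the end of the hunk.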
diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index e7ec09c..0c4596b 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -44,14 +44,6 @@
hostName = "darkstar";
#defaultGateway = "192.168.1.1";
domain = "bitgnome.net";
- firewall = {
- allowedTCPPorts = [
- 53 # domain
- ];
- allowedUDPPorts = [
- 53 # domain
- ];
- };
interfaces = {
enp116s0 = {
ipv4.addresses = [
diff --git a/hosts/darkstar/services.nix b/hosts/darkstar/services.nix
index 16a945d..67bfc1b 100644
--- a/hosts/darkstar/services.nix
+++ b/hosts/darkstar/services.nix
@@ -1,15 +1,16 @@
{
- networking.nftables.tables.ntp = {
- content = ''
- define int_if = enp116s0
-
- chain input {
- type filter hook input priority filter - 1; policy accept;
- iifname $int_if udp dport ntp accept # 123
- }
- '';
- enable = true;
- family = "inet";
+ networking = {
+ firewall = {
+ allowedTCPPorts = [
+ 53 # domain
+ ];
+ allowedUDPPorts = [
+ 53 # domain
+ ];
+ interfaces.enp116s0.allowedUDPPorts = [
+ 123 # ntp
+ ];
+ };
};
services.chrony = {