Add additional service firewall rules

2 files changed, 17 insertions, 0 deletions

diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index 73f66fa..eb5aa11 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -42,6 +42,14 @@
     hostName = "darkstar";
     defaultGateway = "192.168.1.1";
     domain = "bitgnome.net";
+    firewall = {
+      allowedTCPPorts = [
+        53 # domain
+      ];
+      allowedUDPPorts = [
+        53 # domain
+      ];
+    };
     interfaces = {
       enp116s0 = {
         ipv4.addresses = [
diff --git a/hosts/darkstar/services.nix b/hosts/darkstar/services.nix
index 90face3..323080c 100644
--- a/hosts/darkstar/services.nix
+++ b/hosts/darkstar/services.nix
@@ -1,4 +1,13 @@
 {
+  networking.nftables.tables.ntp = {
+    content = ''
+      define int_if = enp116s0
+      iifname $int_if udp dport ntp accept # 123
+    '';
+    enable = true;
+    family = inet;
+  };
+
   services.chrony = {
     enable = true;
     extraConfig = ''