From 955088a064ae9838f37cf8a318c951849ee4d9a4 Mon Sep 17 00:00:00 2001
From: Mark Nipper
Date: Thu, 13 Jun 2024 01:23:27 -0700
Subject: Add additional service firewall rules
---
 hosts/darkstar/default.nix | 8 ++++++++
 hosts/darkstar/services.nix | 9 +++++++++
 2 files changed, 17 insertions(+)
(limited to 'hosts')
diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index 73f66fa..eb5aa11 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -42,6 +42,14 @@
 hostName = "darkstar";
 defaultGateway = "192.168.1.1";
 domain = "bitgnome.net";
+ firewall = {
+ allowedTCPPorts = [
+ 53 # domain
+ ];
+ allowedUDPPorts = [
+ 53 # domain
+ ];
+ };
 interfaces = {
 enp116s0 = {
 ipv4.addresses = [
diff --git a/hosts/darkstar/services.nix b/hosts/darkstar/services.nix
index 90face3..323080c 100644
--- a/hosts/darkstar/services.nix
+++ b/hosts/darkstar/services.nix
@@ -1,4 +1,13 @@
 {
+ networking.nftables.tables.ntp = {
+ content = ''
+ define int_if = enp116s0
+ iifname $int_if udp dport ntp accept # 123
+ '';
+ enable = true;
+ family = inet;
+ };
+
 services.chrony = {
 enable = true;
 extraConfig = ''
-- 
cgit v1.2.3
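Review bot: The new `firewall` set opens 53/tcp and 53/udp through the global `allowedTCPPorts`/`allowedUDPPorts`, which apply to every interface, whereas the NTP rule this commit adds in services.nix is scoped to `enp116s0`. If the host has, or later gains, an interface facing an untrusted network, a resolver answering there is reachable by anyone on it and, if it recurses, becomes an open resolver. Scoping DNS the same way keeps the exposure explicit: `interfaces.enp116s0.allowedUDPPorts = [ 53 ];` inside the `firewall` set, and likewise for `allowedTCPPorts`. The enclosing attribute set and the `interfaces` block both continue outside the hunk, so whether other interfaces exist is not visible here.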
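Review bot: `family = inet;` in the new `networking.nftables.tables.ntp` set is an unquoted identifier, and because services.nix opens with a bare `{` nothing named `inet` is in scope, so evaluation should fail with an undefined variable; it needs to be `family = "inet";`. The `content` string also places `iifname $int_if udp dport ntp accept` directly in the table rather than inside a chain with an input hook, which nftables will most likely reject. Even inside a proper chain, an accept verdict in a separate table does not stop another base chain on the same hook from dropping the packet, so if the stock NixOS firewall is active the port stays closed. The simpler route that matches the intent is `networking.firewall.interfaces.enp116s0.allowedUDPPorts = [ 123 ];`. The `services.chrony` block continues outside the hunk.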