

commit e2f36d89d87ecf75de767be3208f25b9c334c05e
parent 1f3d745088f45691a2a27659a528ece0c54fc9aa
Author: Leah (ctucx) <git@ctu.cx>
Date: Wed, 18 Jan 2023 12:56:28 +0100

machines/lollo[firewall]: allow everything from local
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/machines/lollo/configuration.nix b/machines/lollo/configuration.nix
@@ -61,7 +61,7 @@
 
         ip link set dev eno1 up
         ip addr add 2a0f:4ac0:acab::42/128 dev eno1
-        ip route add default via fe80::1afd:74ff:fe3b:8a10 dev eno1 onlink
+        ip route add default via 2a0f:4ac0:acab::1 dev eno1 onlink
 
         ip addr add 195.39.246.42/28 dev eno1
         ip addr add 10.0.0.42/8 dev eno1
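Review bot: The IPv6 default gateway 2a0f:4ac0:acab::1 is now written in two places — the `ip route add default via 2a0f:4ac0:acab::1 dev eno1 onlink` line here and `defaultGateway6.address` in the second hunk — with nothing in the hunk saying why the shell snippet has to set it as well. The snippet's enclosing string starts before this hunk, so its purpose (an early-boot or initrd network setup, presumably) is not visible here; a one-line comment above the route command such as `# must match defaultGateway6 below; the /128 on eno1 is not on-link, hence onlink` would stop the two copies drifting apart. If the snippet could instead read the option value, that would remove the duplication altogether, but that depends on context outside this hunk.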

@@ -83,6 +83,7 @@
     defaultGateway  = "195.39.246.41";
     defaultGateway6 = {
       address   = "2a0f:4ac0:acab::1";
+      interface = "eno1";
     };
 
     interfaces.eno1 = {

@@ -106,6 +107,14 @@
     firewall.enable = true;
     firewall.allowedTCPPorts = [ 5201 ];
     firewall.allowedUDPPorts = [ 5201 ];
+    firewall.extraCommands = ''
+      iptables  -A nixos-fw -p tcp -s 10.0.0.0/8 -j nixos-fw-accept
+      iptables  -A nixos-fw -p udp -s 10.0.0.0/8 -j nixos-fw-accept
+      iptables  -A nixos-fw -p tcp -s 195.39.246.32/28 -j nixos-fw-accept
+      iptables  -A nixos-fw -p udp -s 195.39.246.32/28 -j nixos-fw-accept
+      ip6tables -A nixos-fw -p tcp -s 2a0f:4ac0:acab::/62 -j nixos-fw-accept
+      ip6tables -A nixos-fw -p udp -s 2a0f:4ac0:acab::/62 -j nixos-fw-accept
+    '';
   };
 
   environment.persistence."/nix/persist" = {
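Review bot: The six accept rules in `firewall.extraCommands` match on source prefix only and are not bound to an ingress interface, so a packet arriving on any interface with a 10.0.0.0/8, 195.39.246.32/28 or 2a0f:4ac0:acab::/62 source is treated as local. The first hunk shows those prefixes configured on eno1, so tying the trust to that link with `iptables  -A nixos-fw -i eno1 -p tcp -s 10.0.0.0/8 -j nixos-fw-accept` (and likewise for the other five rules) limits the effect of a spoofed source on another interface; whether reverse-path filtering or upstream ingress filtering already covers this is not visible in the diff. The IPv6 rules also trust the whole /62 while the host itself only holds a /128 from it, which is presumably intended for the other machines in that block but deserves a short comment inside the string naming what that range is. The commit message says "allow everything from local", yet only TCP and UDP are accepted; if ICMP and other protocols from those ranges should also pass, the rules need to say so explicitly.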