authormakefu <github@syntax-fehler.de>2015-11-10 18:53:31 +0100
committermakefu <github@syntax-fehler.de>2015-11-10 18:53:31 +0100
commitb394c79051fbcf6cf072f2b9af75819d37cd2426 (patch)
tree43ada8203352d038d1f9eade80e62d94563e02c6
parent94a394539dc7876a027c5d06aa623e507d82781b (diff)
m 1 gum:update firewall
-rw-r--r--makefu/1systems/gum.nix26
1 files changed, 22 insertions, 4 deletions
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index a028145ce..3a010220e 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -13,18 +13,36 @@ in {
# ../2configs/iodined.nix
];
+
+ krebs.build.target = "root@gum.krebsco.de";
+ krebs.build.host = config.krebs.hosts.gum;
+
+ # Hardware
boot.loader.grub.device = "/dev/sda";
- boot.loader.grub.splashImage = null;
boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ];
boot.kernelModules = [ "kvm-intel" ];
- krebs.build.target = "root@gum.krebsco.de";
- krebs.build.host = config.krebs.hosts.gum;
+
+ # Network
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
'';
networking = {
- firewall.allowPing = true;
+ firewall = {
+ allowPing = true;
+ allowedTCPPorts = [
+ # smtp
+ 25
+ # http
+ 80 443
+ # tinc
+ 655
+ ];
+ allowedUDPPorts = [
+ # tinc
+ 655 53
+ ];
+ };
interfaces.et0.ip4 = [{
address = external-ip;
prefixLength = 24;