diff options
-rw-r--r-- | krebs/3modules/tinc_graphs.nix | 2 | ||||
-rw-r--r-- | makefu/1systems/gum.nix | 32 | ||||
-rw-r--r-- | makefu/1systems/wry.nix | 9 |
3 files changed, 24 insertions, 19 deletions
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index e415d20ab..20aa385a9 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -89,9 +89,9 @@ let }; restartIfChanged = true; - serviceConfig = { Type = "simple"; + restart = "always"; ExecStartPre = pkgs.writeScript "tinc_graphs-init" '' #!/bin/sh diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 44ab8c6f8..d8b7ed5f9 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -17,7 +17,6 @@ in { krebs.build.target = "root@gum.krebsco.de"; krebs.build.host = config.krebs.hosts.gum; - # Chat environment.systemPackages = with pkgs;[ weechat @@ -34,21 +33,24 @@ in { services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" ''; + boot.kernelParams = [ "ipv6.disable=1" ]; networking = { - firewall = { - allowPing = true; - allowedTCPPorts = [ - # smtp - 25 - # http - 80 443 - # tinc - 655 - ]; - allowedUDPPorts = [ - # tinc - 655 53 - ]; + enableIPv6 = false; + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ + # smtp + 25 + # http + 80 443 + # tinc + 655 + ]; + allowedUDPPorts = [ + # tinc + 655 53 + ]; }; interfaces.et0.ip4 = [{ address = external-ip; diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index ba94972fb..cd39b4b9f 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -59,9 +59,12 @@ in { }; networking = { - firewall.allowPing = true; - firewall.allowedTCPPorts = [ 53 80 443 ]; - firewall.allowedUDPPorts = [ 655 ]; + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ 53 80 443 ]; + allowedUDPPorts = [ 655 ]; + }; interfaces.enp2s1.ip4 = [{ address = external-ip; prefixLength = 24; |