summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/tinc_graphs.nix2
-rw-r--r--makefu/1systems/gum.nix32
-rw-r--r--makefu/1systems/wry.nix9
3 files changed, 24 insertions, 19 deletions
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index e415d20ab..20aa385a9 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -89,9 +89,9 @@ let
};
restartIfChanged = true;
-
serviceConfig = {
Type = "simple";
+ restart = "always";
ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
#!/bin/sh
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 44ab8c6f8..d8b7ed5f9 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -17,7 +17,6 @@ in {
krebs.build.target = "root@gum.krebsco.de";
krebs.build.host = config.krebs.hosts.gum;
-
# Chat
environment.systemPackages = with pkgs;[
weechat
@@ -34,21 +33,24 @@ in {
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
'';
+ boot.kernelParams = [ "ipv6.disable=1" ];
networking = {
- firewall = {
- allowPing = true;
- allowedTCPPorts = [
- # smtp
- 25
- # http
- 80 443
- # tinc
- 655
- ];
- allowedUDPPorts = [
- # tinc
- 655 53
- ];
+ enableIPv6 = false;
+ firewall = {
+ allowPing = true;
+ logRefusedConnections = false;
+ allowedTCPPorts = [
+ # smtp
+ 25
+ # http
+ 80 443
+ # tinc
+ 655
+ ];
+ allowedUDPPorts = [
+ # tinc
+ 655 53
+ ];
};
interfaces.et0.ip4 = [{
address = external-ip;
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index ba94972fb..cd39b4b9f 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -59,9 +59,12 @@ in {
};
networking = {
- firewall.allowPing = true;
- firewall.allowedTCPPorts = [ 53 80 443 ];
- firewall.allowedUDPPorts = [ 655 ];
+ firewall = {
+ allowPing = true;
+ logRefusedConnections = false;
+ allowedTCPPorts = [ 53 80 443 ];
+ allowedUDPPorts = [ 655 ];
+ };
interfaces.enp2s1.ip4 = [{
address = external-ip;
prefixLength = 24;