author | makefu <github@syntax-fehler.de> | 2016-01-27 22:20:32 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2016-01-27 22:20:32 +0100 |
commit | 7d16f784d35855f0c6c669d85cde306011c9eb42 (patch) | |
tree | f4f6efa9c8534193bf799c949817e02d7c7b868e /1systems | |
parent | 3857c878da48bf96a8a4f322866f36a4e8b5d099 (diff) |
ma 1 omo: cleanup, fix firewalling
Diffstat (limited to '1systems')
-rw-r--r-- | 1systems/omo.nix | 29 |
1 files changed, 11 insertions, 18 deletions
diff --git a/1systems/omo.nix b/1systems/omo.nix index 9162f2ed4..19183fea8 100644 --- a/1systems/omo.nix +++ b/1systems/omo.nix @@ -31,11 +31,19 @@ in { ../2configs/nginx/omo-share.nix ../3modules ]; + networking.firewall.trustedInterfaces = [ "enp3s0" ]; + # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net + # tcp:80 - nginx for sharing files + # tcp:655 udp:655 - tinc + # tcp:8080 - sabnzbd + networking.firewall.allowedUDPPorts = [ 655 ]; + networking.firewall.allowedTCPPorts = [ 80 655 8080 ]; + # services.openssh.allowSFTP = false; krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce"; # samba share /media/crypt1/share - users.extraUsers.smbguest = { + users.users.smbguest = { name = "smbguest"; uid = config.ids.uids.smbguest; description = "smb guest user"; @@ -61,6 +69,7 @@ in { disable spoolss = yes ''; }; + # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/ services.sabnzbd.enable = true; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; @@ -93,6 +102,7 @@ in { ${pkgs.hdparm}/sbin/hdparm -y ${disk} '') allDisks); + # crypto unlocking boot = { initrd.luks = { devices = let @@ -123,23 +133,6 @@ in { extraModulePackages = [ ]; }; - networking.firewall.allowedUDPPorts = [ - # tinc - 655 - # samba - 137 138 - ]; - networking.firewall.allowedTCPPorts = [ - # nginx - 80 - # tinc - 655 - # samba - 445 139 - # sabnzbd - 8080 - ]; - hardware.enableAllFirmware = true; hardware.cpu.amd.updateMicrocode = true; |
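Review bot: In the first hunk, `networking.firewall.trustedInterfaces = [ "enp3s0" ];` accepts every packet arriving on enp3s0, so every service listening on that interface becomes reachable, not only the samba ports the new comment names. If the intent is only samba on the local net, scope it per port with `networking.firewall.interfaces.enp3s0.allowedTCPPorts = [ 139 445 ];` and `networking.firewall.interfaces.enp3s0.allowedUDPPorts = [ 137 138 ];`, provided the pinned nixpkgs revision has the per-interface options. Otherwise the comment should at least say so, e.g. `# enp3s0 is fully trusted: all ports are reachable from the local net, including samba`. Separately, 80, 655 and 8080 stay open on all interfaces; with enp3s0 trusted, 8080 (sabnzbd) presumably needs a global rule only if it must be reachable from outside the local net.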