authormakefu <github@syntax-fehler.de>2015-11-10 18:53:31 +0100
committermakefu <github@syntax-fehler.de>2015-11-10 18:53:31 +0100
commit1136c6b10e3d12835ef796a031103b78d278f2c0 (patch)
treef0034654f6160f060bb06d7e6d56d0452af7f5be
parentb6a8ddfec71059580f7a35e75fcff9cb6398e7d8 (diff)
m 1 gum:update firewall
-rw-r--r--1systems/gum.nix26
1 files changed, 22 insertions, 4 deletions
diff --git a/1systems/gum.nix b/1systems/gum.nix
index a028145ce..3a010220e 100644
--- a/1systems/gum.nix
+++ b/1systems/gum.nix
@@ -13,18 +13,36 @@ in {
# ../2configs/iodined.nix
];
+
+ krebs.build.target = "root@gum.krebsco.de";
+ krebs.build.host = config.krebs.hosts.gum;
+
+ # Hardware
boot.loader.grub.device = "/dev/sda";
- boot.loader.grub.splashImage = null;
boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ];
boot.kernelModules = [ "kvm-intel" ];
- krebs.build.target = "root@gum.krebsco.de";
- krebs.build.host = config.krebs.hosts.gum;
+
+ # Network
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
'';
networking = {
- firewall.allowPing = true;
+ firewall = {
+ allowPing = true;
+ allowedTCPPorts = [
+ # smtp
+ 25
+ # http
+ 80 443
+ # tinc
+ 655
+ ];
+ allowedUDPPorts = [
+ # tinc
+ 655 53
+ ];
+ };
interfaces.et0.ip4 = [{
address = external-ip;
prefixLength = 24;