summaryrefslogtreecommitdiffstats
path: root/makefu
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2015-11-15 20:18:35 +0100
committermakefu <github@syntax-fehler.de>2015-11-15 20:18:35 +0100
commitdcf55255e6b6cf216f493c28adad1909edf18d3d (patch)
treec10b716282e97507002d4764225d568911d7b4b1 /makefu
parent773a67a983cbe1928da6c524db24a25229a6f5fe (diff)
parente0ae8c1a3fe333de8a14b04b4a7e2dd01163b727 (diff)
Merge branch 'master' of pnp:stockholm
Diffstat (limited to 'makefu')
-rw-r--r--makefu/1systems/gum.nix32
-rw-r--r--makefu/1systems/wry.nix9
2 files changed, 23 insertions, 18 deletions
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 44ab8c6f8..d8b7ed5f9 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -17,7 +17,6 @@ in {
krebs.build.target = "root@gum.krebsco.de";
krebs.build.host = config.krebs.hosts.gum;
-
# Chat
environment.systemPackages = with pkgs;[
weechat
@@ -34,21 +33,24 @@ in {
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
'';
+ boot.kernelParams = [ "ipv6.disable=1" ];
networking = {
- firewall = {
- allowPing = true;
- allowedTCPPorts = [
- # smtp
- 25
- # http
- 80 443
- # tinc
- 655
- ];
- allowedUDPPorts = [
- # tinc
- 655 53
- ];
+ enableIPv6 = false;
+ firewall = {
+ allowPing = true;
+ logRefusedConnections = false;
+ allowedTCPPorts = [
+ # smtp
+ 25
+ # http
+ 80 443
+ # tinc
+ 655
+ ];
+ allowedUDPPorts = [
+ # tinc
+ 655 53
+ ];
};
interfaces.et0.ip4 = [{
address = external-ip;
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index ba94972fb..cd39b4b9f 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -59,9 +59,12 @@ in {
};
networking = {
- firewall.allowPing = true;
- firewall.allowedTCPPorts = [ 53 80 443 ];
- firewall.allowedUDPPorts = [ 655 ];
+ firewall = {
+ allowPing = true;
+ logRefusedConnections = false;
+ allowedTCPPorts = [ 53 80 443 ];
+ allowedUDPPorts = [ 655 ];
+ };
interfaces.enp2s1.ip4 = [{
address = external-ip;
prefixLength = 24;