makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions 1 Packages Projects Releases Wiki Activity

m 1 gum: disable ipv6, open up fw

Browse source
This commit is contained in:
makefu 2015-11-13 12:24:29 +01:00
parent 222d959ee4
commit 525dff002e
1 changed files with 17 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
makefu/1systems/gum.nix
View file

@ -16,7 +16,6 @@ in {
krebs.build.target = "root@gum.krebsco.de"; krebs.build.target = "root@gum.krebsco.de";
krebs.build.host = config.krebs.hosts.gum; krebs.build.host = config.krebs.hosts.gum;
# Chat # Chat
environment.systemPackages = with pkgs;[ environment.systemPackages = with pkgs;[
weechat weechat
@ -33,21 +32,24 @@ in {
services.udev.extraRules = '' services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0" SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
''; '';
boot.kernelParams = [ "ipv6.disable=1" ];
networking = { networking = {
firewall = { enableIPv6 = false;
allowPing = true; firewall = {
allowedTCPPorts = [ allowPing = true;
# smtp logRefusedConnections = false;
25 allowedTCPPorts = [
# http # smtp
80 443 25
# tinc # http
655 80 443
]; # tinc
allowedUDPPorts = [ 655
# tinc ];
655 53 allowedUDPPorts = [
]; # tinc
655 53
];
}; };
interfaces.et0.ip4 = [{ interfaces.et0.ip4 = [{
address = external-ip; address = external-ip;