Enable firewall everywhere
This commit is contained in:
parent
f5cbfda5d1
commit
f7dc0c3986
GPG Key ID:
3AF5A43A3EECC2E5
|
|
@ -107,7 +107,6 @@ in
|
||||||
hostName = "dacbert"; # Define your hostname.
|
hostName = "dacbert"; # Define your hostname.
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
interfaces.eth0.useDHCP = true;
|
interfaces.eth0.useDHCP = true;
|
||||||
firewall.enable = false;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
|
|
|
||||||
|
|
@ -84,7 +84,6 @@ in {
|
||||||
networking.hostName = "freifunk";
|
networking.hostName = "freifunk";
|
||||||
networking.useNetworkd = true;
|
networking.useNetworkd = true;
|
||||||
networking.nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
networking.nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
||||||
networking.firewall.enable = false;
|
|
||||||
networking.nat = {
|
networking.nat = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# This doesn't really work, hence the `extraCommands`
|
# This doesn't really work, hence the `extraCommands`
|
||||||
|
|
|
||||||
|
|
@ -8,10 +8,7 @@
|
||||||
mem = 1024;
|
mem = 1024;
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking.hostName = "gnunet";
|
||||||
hostName = "gnunet";
|
|
||||||
firewall.enable = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.gnunet = {
|
services.gnunet = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
||||||
|
|
@ -145,7 +145,6 @@ in
|
||||||
networking = {
|
networking = {
|
||||||
hostId = "3f0c4ec4";
|
hostId = "3f0c4ec4";
|
||||||
hostName = "hydra";
|
hostName = "hydra";
|
||||||
firewall.enable = false;
|
|
||||||
nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
||||||
# nat = {
|
# nat = {
|
||||||
# enable = true;
|
# enable = true;
|
||||||
|
|
|
||||||
|
|
@ -15,24 +15,25 @@ in
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "jabber";
|
hostName = "jabber";
|
||||||
firewall.allowedTCPPorts = [
|
firewall = {
|
||||||
# Prosody
|
allowedTCPPorts = [
|
||||||
5222
|
# Prosody
|
||||||
5223
|
5222
|
||||||
5269
|
5223
|
||||||
80
|
5269
|
||||||
5280
|
80
|
||||||
443
|
5280
|
||||||
5281
|
443
|
||||||
# Coturn
|
5281
|
||||||
3478
|
# Coturn
|
||||||
3479
|
3478
|
||||||
];
|
3479
|
||||||
firewall.allowedUDPPorts = [
|
];
|
||||||
# Coturn
|
allowedUDPPorts = [
|
||||||
3478
|
# Coturn
|
||||||
3479
|
3478
|
||||||
];
|
3479
|
||||||
|
];
|
||||||
# TODO: allowedSCTPPorts
|
# TODO: allowedSCTPPorts
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -32,11 +32,7 @@ in {
|
||||||
"/${export}".options = [ "relatime" "discard" ];
|
"/${export}".options = [ "relatime" "discard" ];
|
||||||
}) {} nfsExports;
|
}) {} nfsExports;
|
||||||
|
|
||||||
networking = {
|
networking.hostName = "nfsroot";
|
||||||
hostName = "nfsroot";
|
|
||||||
|
|
||||||
firewall.enable = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,6 @@
|
||||||
{ tftproots, pkgs, ... }:
|
{ tftproots, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
networking.firewall.enable = false;
|
|
||||||
|
|
||||||
# raspberrypi boot
|
# raspberrypi boot
|
||||||
services.atftpd = {
|
services.atftpd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
||||||
|
|
@ -20,10 +20,7 @@
|
||||||
|
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
|
||||||
networking = {
|
networking.hostName = "nncp";
|
||||||
hostName = "nncp";
|
|
||||||
firewall.enable = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.nncp = {
|
programs.nncp = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
||||||
|
|
@ -98,7 +98,6 @@
|
||||||
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
|
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
|
||||||
}];
|
}];
|
||||||
defaultGateway = "172.20.73.1";
|
defaultGateway = "172.20.73.1";
|
||||||
firewall.enable = false;
|
|
||||||
nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -27,7 +27,6 @@
|
||||||
hostName = "rpi-netboot";
|
hostName = "rpi-netboot";
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
interfaces.eth0.useDHCP = true;
|
interfaces.eth0.useDHCP = true;
|
||||||
firewall.enable = false;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems = {
|
fileSystems = {
|
||||||
|
|
|
||||||
|
|
@ -28,10 +28,6 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
firewall = {
|
|
||||||
enable = true;
|
|
||||||
allowedTCPPorts = [ 22 ];
|
|
||||||
};
|
|
||||||
hostName = "server10";
|
hostName = "server10";
|
||||||
# TODO: change that to something more random
|
# TODO: change that to something more random
|
||||||
hostId = "10101010";
|
hostId = "10101010";
|
||||||
|
|
|
||||||
|
|
@ -3,15 +3,9 @@ _:
|
||||||
{
|
{
|
||||||
c3d2.deployment.server = "server10";
|
c3d2.deployment.server = "server10";
|
||||||
|
|
||||||
networking = {
|
networking.hostName = "spaceapi";
|
||||||
firewall.enable = false;
|
|
||||||
hostName = "spaceapi";
|
|
||||||
};
|
|
||||||
|
|
||||||
services.spaceapi.enable = true;
|
services.spaceapi.enable = true;
|
||||||
|
|
||||||
# HACK for ‘ekg-json-0.1.0.6’ nixos-22.05
|
|
||||||
# nixpkgs.config.allowBroken = true;
|
|
||||||
|
|
||||||
system.stateVersion = "19.03";
|
system.stateVersion = "19.03";
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue