Networking: add ssh and more firewall rules

This commit is contained in:
blahai 2025-01-27 16:07:24 +02:00
parent 6fc5cef4cb
commit 2a57b163e6
Signed by: blahai
SSH key fingerprint: SHA256:ZfCryi+V64yG+vC1ZIIsqgvBCmA31tTi7RJ6M8CvpRc
3 changed files with 25 additions and 3 deletions


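--- a/PATH_NOT_SHOWN_1
+++ b/PATH_NOT_SHOWN_1
@@ -1,5 +1,30 @@
 {
+pkgs,
+lib,
+...
+}: let
+inherit (lib.modules) mkForce;
+in {
 imports = [
 ./fail2ban.nix
 ];
+config = {
+networking.firewall = {
+enable = true;
+package = pkgs.iptables;
+allowedTCPPorts = [
+443
+80
+];
+allowedUDPPorts = [];
+# make a much smaller and easier to read log
+logReversePathDrops = true;
+logRefusedConnections = false;
+checkReversePath = mkForce false;
+};
+};
 }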
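Review bot: `checkReversePath = mkForce false;` at the end of the new `networking.firewall` block switches off the reverse-path (anti-spoofing) filter for every interface, and the only nearby comment ("make a much smaller and easier to read log") explains the two log options, not this one. With the check disabled, `logReversePathDrops = true;` appears to have nothing to log, since the NixOS rp-filter drop logging only applies while the check is enabled, so the two settings contradict each other. Disabling the check is usually done for asymmetric-routing or VPN setups; if that is the reason here, a comment such as `# rp_filter breaks <reason>; see <issue/link>` should say so, and `checkReversePath = mkForce "loose";` would keep some spoofing protection while tolerating asymmetric routes. The `mkForce` also implies another module sets this option; naming it in the comment tells a later reader what is being overridden.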


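--- a/PATH_NOT_SHOWN_2
+++ b/PATH_NOT_SHOWN_2
@@ -1,7 +1,6 @@
 {...}: {
 services.openssh = {
 enable = true;
-startWhenNeeded = true;
 settings = {
 PermitRootLogin = "no";
 PasswordAuthentication = false;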


@ -5,8 +5,6 @@ in {
enableIPv6 = true; enableIPv6 = true;
firewall = { firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
80 # HTTP
443 # HTTPS
25565 # minecraft 25565 # minecraft
25566 # minecraft 25566 # minecraft
25567 # minecraft 25567 # minecraft