nix/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Only enable the firewall if there's an external interface specified

Browse Source
This commit is contained in:
Root 2021-04-12 14:53:55 -07:00
parent 9d3808fe2d
commit 4a7c4a9469
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/fudo/hosts.nix
View File

@ -119,6 +119,12 @@ let
description = "SSH public keys used to access the build server."; description = "SSH public keys used to access the build server.";
default = [ ]; default = [ ];
}; };
external-interfaces = mkOption {
type = listOf str;
description = "A list of interfaces on which to enable the firewall.";
default = [ ];
};
}; };
}; };
@ -155,6 +161,11 @@ in {
"127.0.0.1" = [ "${hostname}.${domain-name}" "${hostname}" ]; "127.0.0.1" = [ "${hostname}.${domain-name}" "${hostname}" ];
"::1" = [ "${hostname}.${domain-name}" "${hostname}" ]; "::1" = [ "${hostname}.${domain-name}" "${hostname}" ];
}; };
firewall = {
enable = (length host-cfg.external-interfaces) > 0;
allowedTCPPorts = [ 22 ];
};
}; };
environment.etc.hosts = mkForce { environment.etc.hosts = mkForce {