Ugh...too many configs

Root 2021-04-12 15:31:55 -07:00
parent 3181332bda
commit d9aa06e675
3 changed files with 16 additions and 8 deletions


@ -20,13 +20,9 @@ in {
"openssh-with-gssapi-8.4p1" # CVE-2021-28041 "openssh-with-gssapi-8.4p1" # CVE-2021-28041
]; ];
networking = {
firewall = {
enable = true;
trustedInterfaces = [ "intif0" "intif1" "intif2" "lo" ];
allowedTCPPorts = [ 22 ];
};
networking = {
interfaces = { interfaces = {
enp1s0 = { useDHCP = true; }; enp1s0 = { useDHCP = true; };
@ -41,14 +37,25 @@ in {
intif2 = { useDHCP = false; }; intif2 = { useDHCP = false; };
}; };
# FIXME: this should be automatic
firewall.trustedInterfaces = [
"intif0"
"intif1"
"intif2"
"lo"
"docker0"
];
nat = { nat = {
enable = true; enable = true;
externalInterface = "enp1s0"; externalInterface = "enp1s0";
internalInterfaces = [ "intif0" ]; internalInterfaces = [ "intif0" "intif1" "intif2" ];
}; };
}; };
fudo = { fudo = {
hosts.limina.external-interfaces = [ "enp1s0" ];
local-network = { local-network = {
enable = true; enable = true;
domain = domain-name; domain = domain-name;
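Review bot: Trusting `"docker0"` in `firewall.trustedInterfaces` (second hunk) exempts the Docker bridge from host filtering, so any container on that bridge can reach every port the host listens on, not only the services meant for containers. If containers need only a few host services, a per-interface rule such as `networking.firewall.interfaces.docker0.allowedTCPPorts = [ /* ports */ ];` keeps the rest filtered. The first hunk also appears to drop the explicit `enable = true;` and `allowedTCPPorts = [ 22 ];` for this host, so the firewall state and SSH reachability now depend on defaults or modules outside this diff. Presumably the new `fudo.hosts.limina.external-interfaces` setting is meant to cover that; a comment beside the `# FIXME` naming where the firewall is enabled would let a reader confirm it.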


@ -56,7 +56,7 @@ in {
}; };
fail2ban = { fail2ban = {
enable = true; enable = config.networking.firewall.enable;
bantime-increment.enable = true; bantime-increment.enable = true;
}; };
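Review bot: With `enable = config.networking.firewall.enable;`, fail2ban is switched off without any notice on a host where the firewall option evaluates to false, and this same commit appears to remove an explicit firewall `enable = true;` from a host config. A comment such as `# fail2ban bans through the firewall, so follow its state` (presumably the intent) would record why the two are tied. If fail2ban is expected on every SSH-facing host, adding a `warnings` entry for the firewall-disabled case would make the gap visible at build time. The enclosing attribute set starts and ends outside the hunk.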


@ -6,6 +6,7 @@ with lib;
let let
cfg = config.fudo.hosts.local-network; cfg = config.fudo.hosts.local-network;
# FIXME: this isn't used, is it?
gatewayServerOpts = { ... }: { gatewayServerOpts = { ... }: {
options = { options = {
enable = mkEnableOption "Turn this host into a network gateway."; enable = mkEnableOption "Turn this host into a network gateway.";