Merge branch 'master' of pnp:stockholm

krebs/3modules/tinc_graphs.nix

@@ -89,9 +89,9 @@ let
       };
 
       restartIfChanged = true;
-
       serviceConfig = {
         Type = "simple";
+        restart = "always";
 
         ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
           #!/bin/sh

makefu/1systems/gum.nix

@@ -17,7 +17,6 @@ in {
 
   krebs.build.target = "root@gum.krebsco.de";
   krebs.build.host = config.krebs.hosts.gum;
-
   # Chat
   environment.systemPackages = with pkgs;[
     weechat
@@ -34,21 +33,24 @@ in {
   services.udev.extraRules = ''
     SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
   '';
+  boot.kernelParams = [ "ipv6.disable=1" ];
   networking = {
-  firewall = {
-      allowPing = true;
-      allowedTCPPorts = [
-        # smtp
-        25
-        # http
-        80 443
-        # tinc
-        655
-      ];
-      allowedUDPPorts = [
-        # tinc
-        655 53
-      ];
+    enableIPv6 = false;
+    firewall = {
+        allowPing = true;
+        logRefusedConnections = false;
+        allowedTCPPorts = [
+          # smtp
+          25
+          # http
+          80 443
+          # tinc
+          655
+        ];
+        allowedUDPPorts = [
+          # tinc
+          655 53
+        ];
     };
     interfaces.et0.ip4 = [{
       address = external-ip;

makefu/1systems/wry.nix

@@ -59,9 +59,12 @@ in {
   };
 
   networking = {
-    firewall.allowPing = true;
-    firewall.allowedTCPPorts = [ 53 80 443 ];
-    firewall.allowedUDPPorts = [ 655 ];
+  firewall = {
+      allowPing = true;
+      logRefusedConnections = false;
+      allowedTCPPorts = [ 53 80 443 ];
+      allowedUDPPorts = [ 655 ];
+    };
     interfaces.enp2s1.ip4 = [{
       address = external-ip;
       prefixLength = 24;