Merge branch 'master' of pnp:stockholm

2015-11-15 20:18:35 +01:00 · 2015-11-15 20:18:35 +01:00 · dcf55255e6
commit dcf55255e6
parent 773a67a983 e0ae8c1a3f
3 changed files with 24 additions and 19 deletions
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@ -89,9 +89,9 @@ let
      };
      restartIfChanged = true;
      serviceConfig = {
        Type = "simple";
        restart = "always";
        ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
          #!/bin/sh
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@ -17,7 +17,6 @@ in {
  krebs.build.target = "root@gum.krebsco.de";
  krebs.build.host = config.krebs.hosts.gum;
  # Chat
  environment.systemPackages = with pkgs;[
    weechat
@ -34,21 +33,24 @@ in {
  services.udev.extraRules = ''
    SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
  '';
  boot.kernelParams = [ "ipv6.disable=1" ];
  networking = {
-  firewall = {
+    enableIPv6 = false;
-      allowPing = true;
+    firewall = {
-      allowedTCPPorts = [
+        allowPing = true;
-        # smtp
+        logRefusedConnections = false;
-        25
+        allowedTCPPorts = [
-        # http
+          # smtp
-        80 443
+          25
-        # tinc
+          # http
-        655
+          80 443
-      ];
+          # tinc
-      allowedUDPPorts = [
+          655
-        # tinc
+        ];
-        655 53
+        allowedUDPPorts = [
-      ];
+          # tinc
          655 53
        ];
    };
    interfaces.et0.ip4 = [{
      address = external-ip;
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@ -59,9 +59,12 @@ in {
  };
  networking = {
-    firewall.allowPing = true;
+  firewall = {
-    firewall.allowedTCPPorts = [ 53 80 443 ];
+      allowPing = true;
-    firewall.allowedUDPPorts = [ 655 ];
+      logRefusedConnections = false;
      allowedTCPPorts = [ 53 80 443 ];
      allowedUDPPorts = [ 655 ];
    };
    interfaces.enp2s1.ip4 = [{
      address = external-ip;
      prefixLength = 24;