feat: sys-nix: change to udp port allowance
commit
fd480b029d
|
@ -91,9 +91,19 @@ with lib;
|
|||
# inherit networking;
|
||||
networking = networking // {
|
||||
firewall = {
|
||||
trustedInterfaces = networking.firewall.trustedInterfaces or [] ++ [ "tailscale0" ];
|
||||
allowedUDPPorts = networking.firewall.allowedUDPPorts or [] ++ [ config.services.tailscale.port ];
|
||||
allowedTCPPorts = networking.firewall.allowedTCPPorts or [] ++ [ 22 ];
|
||||
trustedInterfaces = networking.firewall.trustedInterfaces or [ ] ++ [
|
||||
"tailscale0"
|
||||
];
|
||||
allowedUDPPorts = networking.firewall.allowedUDPPorts or [ ] ++ [
|
||||
config.services.tailscale.port
|
||||
];
|
||||
allowedTCPPorts = networking.firewall.allowedTCPPorts or [ ] ++ [
|
||||
22
|
||||
];
|
||||
allowedUDPPortRanges = networking.firewall.allowedUDPPortRanges or [ ] ++ [
|
||||
{ from = 60000; to = 61000; } # mosh
|
||||
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
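Review bot: The `networking // { firewall = { … }; }` merge is shallow, so the new `firewall` set replaces the caller's `firewall` attribute wholesale; only the four lists re-read through `or [ ]` survive. Any other firewall setting a host passes in (for example `firewall.enable` or `allowPing`) is dropped silently. `firewall = (networking.firewall or { }) // {` would keep them. Separately, the mosh range 60000–61000 moves from a single host into this shared set, so it presumably opens on every host that uses the module and on all interfaces. Since `tailscale0` is already trusted, a comment saying whether mosh must be reachable outside the tailnet would help. The enclosing module body starts and ends outside the hunk.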
@ -17,6 +17,10 @@
|
|||
specialArgs = {
|
||||
# includeHardware = false;
|
||||
hostname = "Felia";
|
||||
services.openssh = {
|
||||
permitRootLogin = "no";
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
# Generic machine
|
||||
|
@ -83,8 +87,6 @@
|
|||
prefixLength = 24;
|
||||
}];
|
||||
firewall.enable = true;
|
||||
firewall.allowedTCPPorts = [ 22 ];
|
||||
firewall.allowedUDPPorts = lib.range 60000 61000; # mosh
|
||||
useDHCP = false;
|
||||
interfaces.eth0.useDHCP = true;
|
||||
};
|
||||
|
|
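Review bot: The added `services.openssh` set enables sshd and disables root login but leaves password authentication at its default, while TCP 22 is allowed by the firewall settings visible in this commit. Adding `passwordAuthentication = false;` next to `permitRootLogin = "no";` would limit logins to keys. The set also appears to sit inside `specialArgs`, so it only takes effect if some module reads `services` from its arguments and applies it, which is not visible here. A short comment such as `# consumed by <module>; applied to config.services` (placeholder module name) would make that dependency explicit.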