feat: sys-nix: change to udp port allowance

2022-11-23 21:25:13 -07:00 · 2022-11-23 21:25:13 -07:00 · fd480b029d
parent 9de22c1476 897660109d
commit fd480b029d
2 changed files with 17 additions and 5 deletions
--- a/system-nix/configuration.nix
+++ b/system-nix/configuration.nix
@ -91,9 +91,19 @@ with lib;
  # inherit networking;
  networking = networking // {
    firewall = {
-      trustedInterfaces = networking.firewall.trustedInterfaces or [] ++ [ "tailscale0" ];
-      allowedUDPPorts = networking.firewall.allowedUDPPorts or [] ++ [ config.services.tailscale.port ];
-      allowedTCPPorts = networking.firewall.allowedTCPPorts or [] ++ [ 22 ];
+      trustedInterfaces = networking.firewall.trustedInterfaces or [ ] ++ [
+        "tailscale0"
+      ];
+      allowedUDPPorts = networking.firewall.allowedUDPPorts or [ ] ++ [
+        config.services.tailscale.port
+      ];
+      allowedTCPPorts = networking.firewall.allowedTCPPorts or [ ] ++ [
+        22
+      ];
+      allowedUDPPortRanges = networking.firewall.allowedUDPPortRanges or [ ] ++ [
+        { from = 60000; to = 61000; } # mosh
+
+      ];
    };
  };

--- a/system-nix/flake.nix
+++ b/system-nix/flake.nix
@ -17,6 +17,10 @@
        specialArgs = {
          # includeHardware = false;
          hostname = "Felia";
+          services.openssh = {
+            permitRootLogin = "no";
+            enable = true;
+          };
        };
      };
      # Generic machine
@ -83,8 +87,6 @@
              prefixLength = 24;
            }];
            firewall.enable = true;
-            firewall.allowedTCPPorts = [ 22 ];
-            firewall.allowedUDPPorts = lib.range 60000 61000; # mosh
            useDHCP = false;
            interfaces.eth0.useDHCP = true;
          };