diff --git a/config/networking.nix b/config/networking.nix
index 94e1671..e7a2912 100644
--- a/config/networking.nix
+++ b/config/networking.nix
@@ -5,14 +5,5 @@ let
 in {
 networking = {
 hostName = config.machine.hostName;
-
- firewall = {
- enable = true;
- allowPing = firewallcfg.allowPing;
- allowedUDPPorts = firewallcfg.allowedUDPPorts;
- allowedTCPPorts = firewallcfg.allowedTCPPorts;
- allowedUDPPortRanges = firewallcfg.allowedUDPPortRanges;
- allowedTCPPortRanges = firewallcfg.allowedTCPPortRanges;
- };
 };
 }
diff --git a/machines/CDServer/options.nix b/machines/CDServer/options.nix
index b438cca..461deca 100644
--- a/machines/CDServer/options.nix
+++ b/machines/CDServer/options.nix
@@ -32,11 +32,10 @@ with lib;
 "openssh"
 ];
 firewall = {
+ enable = true;
 allowPing = false;
 allowedUDPPorts = [ 22 80 443 ];
 allowedTCPPorts = [ 80 443 ];
- allowedUDPPortRanges = [];
- allowedTCPPortRanges = [];
 };
 };
 }
diff --git a/machines/DavidsServer/options.nix b/machines/DavidsServer/options.nix
index 606b836..9c6a4c4 100644
--- a/machines/DavidsServer/options.nix
+++ b/machines/DavidsServer/options.nix
@@ -34,11 +34,10 @@ with lib;
 { domain = "mail.${base}"; service = "mail"; }
 ]);
 firewall = {
+ enable = true;
 allowPing = false;
 allowedUDPPorts = [ 22 80 443 ];
 allowedTCPPorts = [ 80 443 ];
- allowedUDPPortRanges = [];
- allowedTCPPortRanges = [];
 };
 };
 }
diff --git a/machines/Lilim/options.nix b/machines/Lilim/options.nix
index 55c9065..e83af3b 100644
--- a/machines/Lilim/options.nix
+++ b/machines/Lilim/options.nix
@@ -36,9 +36,8 @@ with lib;
 "cups"
 ];
 firewall = {
+ enable = true;
 allowPing = true;
- allowedUDPPorts = [];
- allowedTCPPorts = [];
 allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
 allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
 };
diff --git a/machines/Ophanim/options.nix b/machines/Ophanim/options.nix
index 1456973..716ff51 100644
--- a/machines/Ophanim/options.nix
+++ b/machines/Ophanim/options.nix
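Review bot: Port 22 is listed in `allowedUDPPorts` but not in `allowedTCPPorts`, while SSH (the `"openssh"` entry in the list just above this block) is a TCP service; as written the firewall opens UDP/22 for nothing and, unless the openssh module opens TCP/22 by itself (NixOS's `services.openssh.openFirewall` defaults to true, but that is not visible here), leaves SSH unreachable once `enable = true` takes effect. UDP/80 has no common use and UDP/443 only matters if HTTP/3 is actually served. I would change the two context lines to `allowedUDPPorts = [ ];` and `allowedTCPPorts = [ 22 80 443 ];`, re-adding UDP/443 only if QUIC is configured. The enclosing `config.machine` set starts before the hunk.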
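Review bot: The same 22-under-UDP mismatch as on CDServer is carried over here: `allowedUDPPorts = [ 22 80 443 ];` opens UDP/22, which SSH does not use, and TCP/22 is absent; I would write `allowedUDPPorts = [ ];` and `allowedTCPPorts = [ 22 80 443 ];` unless a UDP listener on those ports exists. The `service = "mail"` mapping above suggests this host also receives mail, yet no SMTP/IMAP ports appear in this block — if the mail service module opens them itself, a comment such as `# mail ports are opened by the mail service module` would spare the next reader a search; if it does not, they need adding here. The enclosing `config.machine` set starts before the hunk.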
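Review bot: The two 1714–1764 port ranges carry no explanation, and they are the only ranges in the whole commit, so a reader cannot tell why this desktop host (it lists `"cups"` just above) opens 51 TCP and 51 UDP ports. That range looks like KDE Connect's default; if so, annotate it, e.g. `allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; # KDE Connect` and the same on the TCP line, and if it is something else the comment should name that instead. Since `allowPing = true` is also set here, a one-line comment on why this machine differs from the servers would help too. The enclosing `config.machine` set starts before the hunk.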
@@ -43,11 +43,10 @@ with lib;
 { domain = "git.${base}"; service = "gitea"; }
 ]);
 firewall = {
+ enable = true;
 allowPing = false;
 allowedUDPPorts = [ 22 80 443 ];
- allowedTCPPorts = [ 80 443 ]; # 5222 5269 ];
- allowedUDPPortRanges = [];
- allowedTCPPortRanges = [];
+ allowedTCPPorts = [ 80 443 ];
 };
 };
 config.services.mailman3 = {
diff --git a/options/machine.nix b/options/machine.nix
index 9fb3f1e..747a179 100644
--- a/options/machine.nix
+++ b/options/machine.nix
@@ -59,38 +59,6 @@ with lib;
 Domain - Service mappings for nginx vHost config.
 '';
 };
- firewall = {
- allowPing = mkOption {
- type = types.bool;
- description = ''
- See networking.firewall.allowPing.
- '';
- };
- allowedUDPPorts = mkOption {
- type = types.listOf types.int;
- description = ''
- See networking.firewall.allowerdUDPPorts.
- '';
- };
- allowedTCPPorts = mkOption {
- type = types.listOf types.int;
- description = ''
- See networking.firewall.allowedTCPPorts.
- '';
- };
- allowedUDPPortRanges = mkOption {
- type = types.listOf (types.attrsOf types.int);
- description = ''
- See networking.firewall.allowerdUDPPortRanges.
- '';
- };
- allowedTCPPortRanges = mkOption {
- type = types.listOf (types.attrsOf types.int);
- description = ''
- See networking.firewall.allowedTCPPortRanges.
- '';
- };
- };
 desktop.wms = mkOption {
 type = types.listOf types.string;
 default = [];
@@ -99,4 +67,5 @@ with lib;
 '';
 };
 };
+ imports = [(mkAliasOptionModule [ "machine" "firewall" ] [ "networking" "firewall" ])];
 }
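Review bot: The rewritten `allowedTCPPorts = [ 80 443 ];` line still leaves 22 only in `allowedUDPPorts`, so this host has the same SSH-on-UDP mismatch as the other two servers; `allowedUDPPorts = [ ];` and `allowedTCPPorts = [ 22 80 443 ];` is what the `"gitea"` mapping and a TCP SSH daemon need. The dropped `# 5222 5269` remark was the only record that those ports (they look like XMPP client/server ports) were once considered; if that is still planned, keep a comment such as `# TODO: 5222 5269 (XMPP) once the service exists`, otherwise removing it is fine. More broadly, three machines now carry a byte-identical `[ 22 80 443 ]` / `[ 80 443 ]` block and `config/networking.nix` no longer provides a shared definition, so a common server module would stop the copies from drifting. The enclosing `config.machine` set starts before the hunk.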
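Review bot: `imports` is appended after the closing `};` of `options` at the very bottom of the module; by convention it is the first attribute, so a reader learns that `machine.firewall` is only an alias before reading the remaining option declarations — move `imports = [ (mkAliasOptionModule [ "machine" "firewall" ] [ "networking" "firewall" ]) ];` to the top of the set. With the alias, `machine.firewall.*` now carries exactly `networking.firewall`'s option types and merge semantics, which supersedes the deleted hand-written `types.listOf (types.attrsOf types.int)` declarations; a one-line comment saying so, e.g. `# machine.firewall is an alias of networking.firewall; see that module for option types`, would explain why the options vanished. Note also that `config/networking.nix` no longer forces `firewall.enable = true`, so any machine whose options omit it falls back to the NixOS default — worth stating in the same comment so nobody assumes the old central enforcement is still there. The module's `options` set starts before the hunk.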