Make config.machine.firewall an alias of networking.firewall.

2019-08-27 16:24:59 +02:00 · 2019-08-27 16:24:59 +02:00 · be5ef36567
commit be5ef36567
parent 5d017ce18f
6 changed files with 6 additions and 50 deletions
--- a/machines/CDServer/options.nix
+++ b/machines/CDServer/options.nix
@ -32,11 +32,10 @@ with lib;
      "openssh"
    ];
    firewall = {
+      enable = true;
      allowPing = false;
      allowedUDPPorts = [ 22 80 443 ];
      allowedTCPPorts = [ 80 443 ];
-      allowedUDPPortRanges = [];
-      allowedTCPPortRanges = [];
    };
  };
 }
--- a/machines/DavidsServer/options.nix
+++ b/machines/DavidsServer/options.nix
@ -34,11 +34,10 @@ with lib;
      { domain = "mail.${base}"; service = "mail"; }
    ]);
    firewall = {
+      enable = true;
      allowPing = false;
      allowedUDPPorts = [ 22 80 443 ];
      allowedTCPPorts = [ 80 443 ];
-      allowedUDPPortRanges = [];
-      allowedTCPPortRanges = [];
    };
  };
 }
--- a/machines/Lilim/options.nix
+++ b/machines/Lilim/options.nix
@ -36,9 +36,8 @@ with lib;
      "cups"
    ];
    firewall = {
+      enable = true;
      allowPing = true;
-      allowedUDPPorts = [];
-      allowedTCPPorts = [];
      allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
      allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
    };
--- a/machines/Ophanim/options.nix
+++ b/machines/Ophanim/options.nix
@ -43,11 +43,10 @@ with lib;
      { domain = "git.${base}"; service = "gitea"; }
    ]);
    firewall = {
+      enable = true;
      allowPing = false;
      allowedUDPPorts = [ 22 80 443 ];
-      allowedTCPPorts = [ 80 443 ]; # 5222 5269 ];
-      allowedUDPPortRanges = [];
-      allowedTCPPortRanges = [];
+      allowedTCPPorts = [ 80 443 ];
    };
  };
  config.services.mailman3 = {