Make config.machine.firewall an alias of networking.firewall.

Kevin Baensch 2019-08-27 16:24:59 +02:00
parent 5d017ce18f
commit be5ef36567
6 changed files with 6 additions and 50 deletions


@ -5,14 +5,5 @@ let
in { in {
networking = { networking = {
hostName = config.machine.hostName; hostName = config.machine.hostName;
firewall = {
enable = true;
allowPing = firewallcfg.allowPing;
allowedUDPPorts = firewallcfg.allowedUDPPorts;
allowedTCPPorts = firewallcfg.allowedTCPPorts;
allowedUDPPortRanges = firewallcfg.allowedUDPPortRanges;
allowedTCPPortRanges = firewallcfg.allowedTCPPortRanges;
};
}; };
} }
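Review bot: With the `firewall = { enable = true; … }` block removed from this shared networking module, nothing visible here forces the firewall on any more. Whether it is enabled now depends on each host setting `machine.firewall.enable` or on the NixOS default for `networking.firewall.enable`. Because the alias also makes `machine.firewall.enable = false` a valid host setting, I would keep the baseline here with `firewall.enable = true;` next to `hostName`. A host that tries to disable it should then get a conflicting-definition error at evaluation time instead of silently losing the packet filter. The enclosing `let … in` expression starts outside the hunk.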


@ -32,11 +32,10 @@ with lib;
"openssh" "openssh"
]; ];
firewall = { firewall = {
enable = true;
allowPing = false; allowPing = false;
allowedUDPPorts = [ 22 80 443 ]; allowedUDPPorts = [ 22 80 443 ];
allowedTCPPorts = [ 80 443 ]; allowedTCPPorts = [ 80 443 ];
allowedUDPPortRanges = [];
allowedTCPPortRanges = [];
}; };
}; };
} }
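Review bot: `allowedUDPPorts = [ 22 80 443 ]` opens UDP 22 and 80 while `allowedTCPPorts` lists only 80 and 443. SSH and HTTP are TCP services, so the UDP list looks like a misplaced TCP list, and it now feeds `networking.firewall` directly. If only QUIC is intended, `allowedUDPPorts = [ 443 ];` is enough, and `allowedUDPPorts = [ ];` if nothing listens on UDP. Whether TCP 22 is opened elsewhere, for example by the SSH service module, is not visible in this hunk and should be confirmed. The same two lists appear in the host sections containing the `mail.${base}` and `git.${base}` mappings.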


@ -34,11 +34,10 @@ with lib;
{ domain = "mail.${base}"; service = "mail"; } { domain = "mail.${base}"; service = "mail"; }
]); ]);
firewall = { firewall = {
enable = true;
allowPing = false; allowPing = false;
allowedUDPPorts = [ 22 80 443 ]; allowedUDPPorts = [ 22 80 443 ];
allowedTCPPorts = [ 80 443 ]; allowedTCPPorts = [ 80 443 ];
allowedUDPPortRanges = [];
allowedTCPPortRanges = [];
}; };
}; };
} }


@ -36,9 +36,8 @@ with lib;
"cups" "cups"
]; ];
firewall = { firewall = {
enable = true;
allowPing = true; allowPing = true;
allowedUDPPorts = [];
allowedTCPPorts = [];
allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
}; };


@ -43,11 +43,10 @@ with lib;
{ domain = "git.${base}"; service = "gitea"; } { domain = "git.${base}"; service = "gitea"; }
]); ]);
firewall = { firewall = {
enable = true;
allowPing = false; allowPing = false;
allowedUDPPorts = [ 22 80 443 ]; allowedUDPPorts = [ 22 80 443 ];
allowedTCPPorts = [ 80 443 ]; # 5222 5269 ]; allowedTCPPorts = [ 80 443 ];
allowedUDPPortRanges = [];
allowedTCPPortRanges = [];
}; };
}; };
config.services.mailman3 = { config.services.mailman3 = {


@ -59,38 +59,6 @@ with lib;
Domain - Service mappings for nginx vHost config. Domain - Service mappings for nginx vHost config.
''; '';
}; };
firewall = {
allowPing = mkOption {
type = types.bool;
description = ''
See networking.firewall.allowPing.
'';
};
allowedUDPPorts = mkOption {
type = types.listOf types.int;
description = ''
See networking.firewall.allowerdUDPPorts.
'';
};
allowedTCPPorts = mkOption {
type = types.listOf types.int;
description = ''
See networking.firewall.allowedTCPPorts.
'';
};
allowedUDPPortRanges = mkOption {
type = types.listOf (types.attrsOf types.int);
description = ''
See networking.firewall.allowerdUDPPortRanges.
'';
};
allowedTCPPortRanges = mkOption {
type = types.listOf (types.attrsOf types.int);
description = ''
See networking.firewall.allowedTCPPortRanges.
'';
};
};
desktop.wms = mkOption { desktop.wms = mkOption {
type = types.listOf types.string; type = types.listOf types.string;
default = []; default = [];
@ -99,4 +67,5 @@ with lib;
''; '';
}; };
}; };
imports = [(mkAliasOptionModule [ "machine" "firewall" ] [ "networking" "firewall" ])];
} }
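Review bot: The `mkAliasOptionModule` import forwards the whole `networking.firewall` subtree, so `machine.firewall` now accepts every option of that module (for example `trustedInterfaces` or `extraCommands`) instead of the five the removed declarations exposed. That is a wider interface than the old wrapper, and the descriptions that documented it are gone with the options. If the widening is intended, I would say so above the import, e.g. `# machine.firewall is a full alias of networking.firewall; hosts may set any option of that module`. If only the five original options should be settable per host, an alias of the whole subtree is too broad, and per-option aliases or an assertion in the shared module would keep the narrower contract. The attribute set this `imports` line belongs to starts outside the hunk.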