| author | Max Audron <audron@cocaine.farm> | 2025-07-30 16:53:40 +0200 |
|---|---|---|
| committer | Max Audron <audron@cocaine.farm> | 2025-07-30 16:53:40 +0200 |
| commit | 80abf0577c962e8d5a71e586f020953f939d90c6 (patch) | |
| tree | dac85c2a5d5d99cbb2fb61824924ddbe8a113042 /modules/common | |
| parent | add initial prometheus deployment (diff) | |
enable firewalls
Diffstat (limited to 'modules/common')
| -rw-r--r-- | modules/common/default.nix | 2 | ||||
| -rw-r--r-- | modules/common/networking.nix | 7 |
2 files changed, 8 insertions, 1 deletions
diff --git a/modules/common/default.nix b/modules/common/default.nix
index 4a2bfd3..ed45914 100644
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@@ -20,10 +20,10 @@
 nixpkgs.config.allowUnfree = true;
 # Security
- networking.firewall.enable = false;
 security.sudo.wheelNeedsPassword = false;
 services.openssh = {
 enable = true;
+ openFirewall = true;
 settings = {
 PasswordAuthentication = false;
 PermitRootLogin = "no";
diff --git a/modules/common/networking.nix b/modules/common/networking.nix
index 63c0d89..0a7b3f7 100644
--- a/modules/common/networking.nix
+++ b/modules/common/networking.nix
@@ -11,6 +11,13 @@
 dhcpcd.extraConfig = ''
 nohook resolv.conf
 '';
+
+ firewall = {
+ enable = true;
+ trustedInterfaces = ["wg0"];
+ allowedTCPPorts = [ 80 443 ];
+ };
+ nftables.enable = true;
 };
 systemd.services = { |
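Review bot: `openFirewall = true;` in the `services.openssh` block leaves the SSH port reachable on every interface, even though the networking.nix hunk of this commit already trusts `wg0`. If administrative access is meant to go over WireGuard, `openFirewall = false;` would keep sshd reachable only through the trusted interface. If public SSH is intended, for example as a recovery path when the tunnel is down, a comment such as `# sshd stays reachable on the public interface as a fallback when wg0 is down` would record that decision. In NixOS this option already defaults to true, so the added line documents the exposure rather than changing it. The `services.openssh` block continues past the end of the hunk.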
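Review bot: `allowedTCPPorts = [ 80 443 ];` sits in modules/common, so presumably every host importing the common module accepts HTTP and HTTPS whether or not it runs a web server; those ports are better opened in the module that enables the service. `trustedInterfaces = ["wg0"];` also accepts all traffic arriving on the tunnel, so one compromised WireGuard peer can reach every listener on each host. A per-interface allow-list such as `interfaces.wg0.allowedTCPPorts = [ <ports> ];` would keep the tunnel usable without switching filtering off for it. The enclosing attribute set opens above the hunk, so whether the WireGuard listen port needs its own `allowedUDPPorts` entry cannot be judged from here.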
