Cloonar/nixos
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

add vserver

Browse source
This commit is contained in:
Dominik Polakovics Polakovics 2023-12-04 13:11:05 +01:00
parent 70e9e79717
commit 35c8bbb1ac
2 changed files with 6 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

13
hosts/fw.cloonar.com/modules/firewall.nix
View file

@ -127,6 +127,7 @@
iifname {
"wan", # disable when final
"server",
"vserver",
"lan",
"wg_cloonar"
} counter accept
@ -135,8 +136,7 @@
iifname {
"lan",
"server",
"vb-*",
"podman0",
"vserver",
"infrastructure",
"wg_cloonar",
"smart",
@ -145,7 +145,7 @@
iifname {
"lan",
"server",
"podman0",
"vserver",
"vb-*",
"infrastructure",
"wg_cloonar",
@ -177,16 +177,15 @@
# lan and vpn to any
# TODO: disable wan when finished
iifname { "wan", "lan", "server", "vb-*", "podman0", "wg_cloonar" } oifname { "lan", "vb-*", "server", "podman0", "infrastructure", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept
iifname { "infrastructure" } oifname { "podman0", "vb-omada" } counter accept
iifname { "wan", "lan", "server", "vserver", "wg_cloonar" } oifname { "lan", "vb-*", "server", "vserver", "infrastructure", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept
iifname { "infrastructure" } oifname { "server", "vserver" } counter accept
# Allow trusted network WAN access
iifname {
"lan",
"infrastructure",
"vb-*",
"server",
"podman0",
"vserver",
"multimedia",
"smart",
"wg_cloonar",

1
hosts/fw.cloonar.com/modules/unbound.nix
View file

@ -11,7 +11,6 @@
"10.42.98.0/24 allow"
"10.42.99.0/24 allow"
"10.42.101.0/24 allow"
"10.42.254.0/24 allow"
];
tls-cert-bundle = "/var/lib/acme/fw.cloonar.com/fullchain.pem";
local-zone = "\"cloonar.com\" transparent";