firewall changes

2023-12-07 09:09:31 +01:00
parent 83a2a9cd46
commit 71191632d4
2 changed files with 5 additions and 15 deletions
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -139,6 +139,7 @@
              "infrastructure",
              "wg_cloonar",
              "smart",
+              "podman*",
              "multimedia"
            } udp dport { 53, 67, 68 } counter accept

@@ -148,6 +149,9 @@
            # iifname "multimedia" ip saddr <chromecast IP> tcp dport { llmnr } counter accept
            # iifname "multimedia" ip saddr <chromecast IP> udp dport { mdns, llmnr } counter accept

+            # Allow all returning traffic
+            ct state { established, related } counter accept
+

            # Allow returning traffic from wg_cloonar and drop everthing else
            iifname "wg_cloonar" ct state { established, related } counter accept
@@ -204,7 +208,7 @@
              "multimedia",
              "smart",
              "wg_cloonar",
-              "podman1",
+              "podman*",
            } oifname {
              "wan",
            } counter accept comment "Allow trusted LAN to WAN"
--- a/hosts/fw.cloonar.com/modules/gitea.nix
+++ b/hosts/fw.cloonar.com/modules/gitea.nix
@@ -131,20 +131,6 @@ in
    labels = [
      "ubuntu-latest:docker://shivammathur/node:latest"
    ];
-    settings = {
-      runner = {
-        envs = {
-          DOCKER_DAEMON_CONFIG = ''
-            {
-              "dns": ["10.42.97.10"]
-            }           
-          '';
-        };
-      };
-      # container = {
-      #   options = "--network=server";
-      # };
-    };
  };

  # containers.git-runner = {