Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

firewall changes

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2023-12-07 09:09:31 +01:00
parent 83a2a9cd46
commit 71191632d4
2 changed files with 5 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
hosts/fw.cloonar.com/modules/firewall.nix
View File

@@ -139,6 +139,7 @@
"infrastructure", "infrastructure",
"wg_cloonar", "wg_cloonar",
"smart", "smart",
"podman*",
"multimedia" "multimedia"
} udp dport { 53, 67, 68 } counter accept } udp dport { 53, 67, 68 } counter accept
@@ -148,6 +149,9 @@
# iifname "multimedia" ip saddr <chromecast IP> tcp dport { llmnr } counter accept # iifname "multimedia" ip saddr <chromecast IP> tcp dport { llmnr } counter accept
# iifname "multimedia" ip saddr <chromecast IP> udp dport { mdns, llmnr } counter accept # iifname "multimedia" ip saddr <chromecast IP> udp dport { mdns, llmnr } counter accept
# Allow all returning traffic
ct state { established, related } counter accept
# Allow returning traffic from wg_cloonar and drop everthing else # Allow returning traffic from wg_cloonar and drop everthing else
iifname "wg_cloonar" ct state { established, related } counter accept iifname "wg_cloonar" ct state { established, related } counter accept
@@ -204,7 +208,7 @@
"multimedia", "multimedia",
"smart", "smart",
"wg_cloonar", "wg_cloonar",
"podman1", "podman*",
} oifname { } oifname {
"wan", "wan",
} counter accept comment "Allow trusted LAN to WAN" } counter accept comment "Allow trusted LAN to WAN"

14
hosts/fw.cloonar.com/modules/gitea.nix
View File

@@ -131,20 +131,6 @@ in
labels = [ labels = [
"ubuntu-latest:docker://shivammathur/node:latest" "ubuntu-latest:docker://shivammathur/node:latest"
]; ];
settings = {
runner = {
envs = {
DOCKER_DAEMON_CONFIG = ''
{
"dns": ["10.42.97.10"]
}
'';
};
};
# container = {
# options = "--network=server";
# };
};
}; };
# containers.git-runner = { # containers.git-runner = {