fixed a glaring vulnerability, thank god i caught this -e

Ittihadyya 2024-12-20 21:23:12 +02:00
parent 806a34cf0e
commit 80e93f98b3
2 changed files with 13 additions and 4 deletions


@ -8,14 +8,18 @@
]; ];
sucrose.modules = [ sucrose.modules = [
( (
{pkgs, config, ...}: { {
pkgs,
config,
...
}: {
environment.systemPackages = [pkgs.podman-compose]; environment.systemPackages = [pkgs.podman-compose];
virtualisation = { virtualisation = {
containers.enable = true; containers.enable = true;
podman = { podman = {
enable = true; enable = true;
dockerCompat = false; dockerCompat = false;
defaultNetwork.settings.dns_enabled = (config.networking.hostName == "glucose"); # TODO: fix this stupid shit ssometime -e defaultNetwork.settings.dns_enabled = config.networking.hostName == "glucose"; # TODO: fix this stupid shit ssometime -e
}; };
oci-containers.backend = "podman"; oci-containers.backend = "podman";
}; };


@ -1,8 +1,13 @@
{ {
universal.modules = [ universal.modules = [
{ ({
networking.firewall.enable = true; networking.firewall.enable = true;
networking.nftables.enable = true; networking.nftables.enable = true;
})
({lib, config, ...}: lib.mkIf (
config.networking.hostName != "aspartame" # open ports for data collection on everything EXCEPT aspartame, as that would be stupid, considering it is literally public facing. TODO: set up prometheus authentication, perhaps with a certificate. -e
)
{
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
6703 6703
@ -11,7 +16,7 @@
6703 6703
]; ];
}; };
} })
]; ];
fructose.modules = [ fructose.modules = [