initial commit. after fucking it up once

2024-11-03 19:50:18 +02:00 · 2024-11-03 19:50:18 +02:00 · b7cea98e99
commit b7cea98e99
48 changed files with 3437 additions and 0 deletions
--- a/services/website/website-firewall.mod.nix
+++ b/services/website/website-firewall.mod.nix
@ -0,0 +1,19 @@
+{
+  aspartame.modules = [
+    ({
+      services.fail2ban.enable = true;
+      networking.firewall = {
+        interfaces.eth0.allowedTCPPorts = [
+          80
+          222 # this is for forgejo
+          443
+        ];
+      };
+    })
+  ];
+  fructose.modules = [
+    {
+      networking.firewall.interfaces.eth0.allowedTCPPorts = [ 222 ]; # when someones tries to ssh to forgejo, it goes -> aspartame -> fructose -> forgejo-container --- so fructose also needs this port open.
+    }
+  ];
+}