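# Firewall rules, grouped by module set. `universal` is presumably applied to
# every host and the other attribute names are presumably hostnames; confirm
# against whatever consumes this file.
#
# Rule of thumb used below: a port is opened only for the transport the service
# actually listens on. HTTP-based services (node exporter, grafana, prometheus,
# conduwuit) are TCP-only, so they get no UDP rule.
{
  universal.modules = [
    {
      # Default-deny inbound filtering, using the nftables backend.
      networking.firewall.enable = true;
      networking.nftables.enable = true;
    }
    {
      # Rules scoped to the wireguard interface only; nothing here is opened
      # on other interfaces.
      networking.firewall.interfaces.wg0 = {
        # TODO: set up prometheus authentication, perhaps with a certificate. not *that* urgent because it's only on the wireguard network, maybe it's not even needed at all -e
        # NOTE(review): without authentication, any peer on wg0 can read this
        # host's metrics, so the set of wireguard peers is the access control.
        allowedTCPPorts = [
          6703 # prometheus node exporter
        ];
        # The node exporter serves metrics over HTTP (TCP) only, so the UDP
        # opening for 6703 was dropped.
        allowedUDPPorts = [ ];
      };
    }
  ];

  fructose.modules = [
    {
      # NOTE(review): these ports are opened on every interface, unlike the
      # interface-scoped rules for aspartame. If the services are only meant
      # to be reached over wg0, scope them with interfaces.wg0; confirm the
      # intended topology.
      networking.firewall = {
        allowedUDPPorts = [ ];
        allowedTCPPorts = [
          3000 # forgejo web
          8080 # gotosocial web
          222 # forgejo ssh
        ];
      };
    }
  ];

  glucose.modules = [
    {
      # NOTE(review): opened on every interface. Grafana and prometheus are
      # monitoring endpoints; if they are only consumed over wireguard, move
      # them under interfaces.wg0. Confirm before changing.
      networking.firewall = {
        allowedTCPPorts = [
          64738 # murmur tcp
          6700 # grafana web
          6750 # prometheus
          7893 # matrix/conduwuit
        ];
        # Only murmur (voice) uses UDP. Grafana, prometheus and conduwuit are
        # HTTP over TCP, so their UDP openings (6700, 6750, 7893) were dropped.
        allowedUDPPorts = [
          64738 # murmur udp
        ];
      };
    }
  ];

  aspartame.modules = [
    {
      # fail2ban is enabled only on this host.
      # NOTE(review): confirm its jails cover the services exposed below
      # (e.g. forgejo ssh on 222) and not just the defaults.
      services.fail2ban.enable = true;
      networking.firewall = {
        # Rules are scoped to eth0 rather than opened on every interface.
        interfaces.eth0.allowedTCPPorts = [
          80 # http
          222 # forgejo ssh
          443 # https
          8448 # matrix federation (conduwuit); 8448 is the Matrix default federation port
          64738 # murmur tcp
        ];
        interfaces.eth0.allowedUDPPorts = [
          64738 # murmur udp
        ];
      };
    }
  ];
}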