peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Firewall ports named, removed unused services

Browse Source
This commit is contained in:
Giulio De Pasquale 2022-08-25 15:09:36 +02:00
parent ad9b9b2e02
commit f2aefa3fb7
1 changed files with 32 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
hosts/architect/firewall.nix
View File

@ -3,28 +3,45 @@
with import ./network.nix; with import ./network.nix;
let let
# TCP services
ssh_tcp = 22;
http_tcp = 80;
https_tcp = 443;
synapse_tcp = 8448;
gitea_tcp = 10022;
prosody_tcp = 5222;
minecraft_tcp = 25565;
# UDP services
dns_udp = 53;
wireguard_udp = 1194;
# TCP/UDP services
transmission = 51413;
# grouping
open_tcp_ports = lib.concatMapStringsSep "," (x: toString x) [ open_tcp_ports = lib.concatMapStringsSep "," (x: toString x) [
22 # ssh ssh_tcp
80 # http http_tcp
443 # https https_tcp
8448 # matrix synapse_tcp
10022 # gitea gitea_tcp
18080 # monero transmission
51413 # transmission
]; ];
open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [ open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [
1194 # wireguard wireguard_udp
51413 # transmission transmission
]; ];
open_tcp_ports_vpn = lib.concatMapStringsSep "," (x: toString x) [ open_tcp_ports_vpn = lib.concatMapStringsSep "," (x: toString x) [
22 ssh_tcp
80 http_tcp
443 https_tcp
32400 # plex prosody_tcp
minecraft_tcp
]; ];
open_udp_ports_vpn = lib.concatMapStringsSep "," (x: toString x) [ open_udp_ports_vpn = lib.concatMapStringsSep "," (x: toString x) [
53 # dns dns_udp
1194 # vpn wireguard_udp
]; ];
in { in {