Configures IP-based access to firewall for dnsc-vps-sm

Dennis Schoepf 2025-05-06 20:53:08 +02:00
parent 3c558f5411
commit 2292f2a60f
2 changed files with 20 additions and 5 deletions


@ -10,6 +10,7 @@
}; };
nix-darwin.url = "github:LnL7/nix-darwin/master"; nix-darwin.url = "github:LnL7/nix-darwin/master";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
ip-whitelist.url = "github:Oak-Digital/nixos-ip-whitelist-firewall";
}; };
outputs = { outputs = {
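Review bot: The new `ip-whitelist` input does not follow this flake's nixpkgs, unlike `nix-darwin` two lines above it; if the upstream flake declares a `nixpkgs` input, adding `ip-whitelist.inputs.nixpkgs.follows = "nixpkgs";` keeps a single nixpkgs in the lock and evaluates the firewall module against the same package set as the host. The input also tracks the repository's default branch rather than a tag or revision, so while flake.lock pins the exact commit today, every `nix flake update` will pull whatever the third-party module's maintainers push next. Because this module rewrites firewall rules, a short comment stating why it is trusted and whether it was reviewed at the locked revision, or a `?ref=`/`?rev=` pin, would make that supply-chain decision visible to the next reader.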


@ -10,6 +10,7 @@
./hardware-configuration.nix ./hardware-configuration.nix
./networking.nix ./networking.nix
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
inputs.ip-whitelist.nixosModules.default
]; ];
# Secrets # Secrets
@ -44,11 +45,24 @@
systemd.services.NetworkManager-wait-online.enable = false; systemd.services.NetworkManager-wait-online.enable = false;
# Firewall # Firewall
networking.firewall.enable = true; networking.firewall = {
networking.firewall.allowedTCPPorts = [ enable = true;
allowedTCPPorts = [
80 80
443 443
]; ];
ipBasedAllowedTCPPorts = [
{
port = 22;
ips = [
"100.103.199.4"
"100.115.100.87"
"100.83.40.63"
];
}
];
};
# My user account # My user account
users.users.dennis = { users.users.dennis = {
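Review bot: `ipBasedAllowedTCPPorts` limits port 22 to three source addresses, but nothing in this hunk prevents 22 from also being opened globally: if `services.openssh.enable` is set elsewhere in this file, NixOS's `services.openssh.openFirewall` defaults to true and appends 22 to `allowedTCPPorts`, which would silently make the IP list ineffective — set `services.openssh.openFirewall = false;` next to this block, or verify the generated ruleset after switching. The three `100.x.y.z` addresses fall in the 100.64.0.0/10 range that overlay networks such as Tailscale use, which I infer rather than see; a comment above the list such as `# overlay addresses of <host-a>, <host-b>, <host-c> — TODO confirm` would spare the next reader the guess and make stale entries obvious when a device is replaced. If they are indeed overlay addresses, scoping the allow to that interface via `networking.firewall.interfaces.<overlay-iface>.allowedTCPPorts = [ 22 ];` is a simpler and more robust control than a hand-maintained address list, since the overlay already authenticates peers. The file may continue beyond what is visible here, so the openssh check applies to the whole module.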