The Blue Update #1

Merged
Jimbo merged 101 commits from Refactor into main 2024-10-25 21:26:22 -04:00
3 changed files with 7 additions and 12 deletions
Showing only changes of commit 7f0e1801d7 - Show all commits


@ -1,4 +1,4 @@
{ config, ... }: { mailserver, config, ... }:
{ {
imports = [ imports = [
./hardware ./hardware
@ -18,8 +18,11 @@
# Misc # Misc
../../../overlays ../../../overlays
../../../variables ../../../variables
# Imports
mailserver.nixosModule
]; ];
networking.hostName = "bomberman"; networking.hostName = "bomberman";
networking.wireguard.interfaces."${config.ips.wgInt}".ips = [ "${config.ips.wgSpan}.19/32" ]; networking.wireguard.interfaces."${config.ips.wgInt}".ips = [ "${config.ips.wgSpan}.19/24" ];
} }
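Review bot: Widening the WireGuard interface address from `.19/32` to `.19/24` on the `networking.wireguard.interfaces` line puts the whole `${config.ips.wgSpan}.0/24` on-link via the tunnel interface rather than only this host's address, and nothing in the hunk records why. Whether other hosts on that span are actually reachable is still decided by the peers' allowedIPs, which are not shown here, so the two need to agree. A comment such as `# /24: whole WireGuard span is on-link; peers' allowedIPs must cover it` would make the intent checkable. The `mailserver.nixosModule` import added just above brings the mail stack onto this host, and the accept rules for its ports are not in this file; presumably the module's own firewall handling or another file covers them — confirm.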


@ -1,4 +1,4 @@
{ mailserver, ... }: { ... }:
{ {
imports = [ imports = [
./hardware ./hardware
@ -19,9 +19,6 @@
# Misc # Misc
../../../overlays ../../../overlays
../../../variables ../../../variables
# Imports
mailserver.nixosModule
]; ];
networking.hostName = "cyberspark"; networking.hostName = "cyberspark";


@ -4,15 +4,12 @@
boot.kernel.sysctl."net.ipv4.ip_forward" = 1; boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
# Configure firewall # Configure firewall
networking = let networking = {
mailPorts = "{ 25, 143, 465, 587, 993, 4190 }";
in {
firewall = { firewall = {
allowPing = false; allowPing = false;
extraInputRules = '' extraInputRules = ''
ip saddr { ${config.ips.localSpan}.0/24, ${config.ips.wgSpan}.0/24 } tcp dport 2049 accept comment "Accept NFS" ip saddr { ${config.ips.localSpan}.0/24, ${config.ips.wgSpan}.0/24 } tcp dport 2049 accept comment "Accept NFS"
ip saddr { ${config.ips.pc}, ${config.secrets.lunaIP}, ${config.secrets.cornIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP" ip saddr { ${config.ips.pc}, ${config.secrets.lunaIP}, ${config.secrets.cornIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
ip saddr ${config.ips.wgSpan}.19 tcp dport ${mailPorts} accept comment "Accept mail"
''; '';
}; };
@ -44,8 +41,6 @@
chain POSTROUTING { chain POSTROUTING {
type nat hook postrouting priority 100; policy accept; type nat hook postrouting priority 100; policy accept;
oifname "${config.ips.netInt}" masquerade oifname "${config.ips.netInt}" masquerade
iifname "${config.ips.netInt}" oifname "${config.ips.wgInt}" masquerade comment "Traffic from public to WireGuard"
tcp dport ${mailPorts} oifname != "${config.ips.wgInt}" drop comment "Send mail"
} }
''; '';
}; };
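Review bot: The removed `tcp dport ${mailPorts} oifname != "${config.ips.wgInt}" drop` rule in the POSTROUTING hunk was the only visible control keeping mail-port traffic off interfaces other than WireGuard, and the first hunk likewise drops the `Accept mail` input rule for `${config.ips.wgSpan}.19` with no replacement in this file. With `ip_forward` left at 1, forwarded traffic to 25/143/465/587/993/4190 now falls through to whatever default policies apply, which this page does not show. If that constraint is meant to move to the new mail host, a one-line comment at the head of the `networking` block naming where mail-port filtering now lives would keep it traceable; otherwise the drop rule looks worth keeping. The enclosing `networking` attribute set starts before the first hunk and continues between and after the hunks shown.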