The Blue Update #1
|
|
@ -1,4 +1,4 @@
|
|||
{ config, ... }:
|
||||
{ mailserver, config, ... }:
|
||||
{
|
||||
imports = [
|
||||
./hardware
|
||||
|
|
@ -18,8 +18,11 @@
|
|||
# Misc
|
||||
../../../overlays
|
||||
../../../variables
|
||||
|
||||
# Imports
|
||||
mailserver.nixosModule
|
||||
];
|
||||
|
||||
networking.hostName = "bomberman";
|
||||
networking.wireguard.interfaces."${config.ips.wgInt}".ips = [ "${config.ips.wgSpan}.19/32" ];
|
||||
networking.wireguard.interfaces."${config.ips.wgInt}".ips = [ "${config.ips.wgSpan}.19/24" ];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{ mailserver, ... }:
|
||||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./hardware
|
||||
|
|
@ -19,9 +19,6 @@
|
|||
# Misc
|
||||
../../../overlays
|
||||
../../../variables
|
||||
|
||||
# Imports
|
||||
mailserver.nixosModule
|
||||
];
|
||||
|
||||
networking.hostName = "cyberspark";
|
||||
|
|
|
|||
|
|
@ -4,15 +4,12 @@
|
|||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
|
||||
# Configure firewall
|
||||
networking = let
|
||||
mailPorts = "{ 25, 143, 465, 587, 993, 4190 }";
|
||||
in {
|
||||
networking = {
|
||||
firewall = {
|
||||
allowPing = false;
|
||||
extraInputRules = ''
|
||||
ip saddr { ${config.ips.localSpan}.0/24, ${config.ips.wgSpan}.0/24 } tcp dport 2049 accept comment "Accept NFS"
|
||||
ip saddr { ${config.ips.pc}, ${config.secrets.lunaIP}, ${config.secrets.cornIP} } tcp dport { 1935, 1945 } accept comment "Accept RTMP"
|
||||
ip saddr ${config.ips.wgSpan}.19 tcp dport ${mailPorts} accept comment "Accept mail"
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
@ -44,8 +41,6 @@
|
|||
chain POSTROUTING {
|
||||
type nat hook postrouting priority 100; policy accept;
|
||||
oifname "${config.ips.netInt}" masquerade
|
||||
iifname "${config.ips.netInt}" oifname "${config.ips.wgInt}" masquerade comment "Traffic from public to WireGuard"
|
||||
tcp dport ${mailPorts} oifname != "${config.ips.wgInt}" drop comment "Send mail"
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
|
|
|||
Loading…
Reference in a new issue