petersweb-infra/nixos/firewall.nix

{ pkgs, ... }: {
  networking.firewall = {
    # Every port in this list is opened on *all* interfaces, so each service
    # below is reachable from any network the host is attached to, not only
    # from the podman bridges or the LAN. NOTE(review): if some of these
    # (e.g. 5432 postgres, 3000 forgejo http, 8082 webdav, 8087 nextcloud)
    # are only meant to be reached via the reverse proxy or from containers,
    # `networking.firewall.interfaces.<iface>.allowedTCPPorts` scopes them to
    # a single interface instead — confirm against the intended topology.
    allowedTCPPorts = [
      80   # nginx/http
      22   # ssh
      222  # ubuntu vm ssh
      443  # ssl
      2200 # forgejo ssh
      3000 # forgejo http
      8082 # webdav
      8087 # nextcloud
      5432 # coldairnetworks postgres
      9090 # sync.io
    ];

    # Allow DNS from all podman bridge networks (10.89.0.0/16).
    # NixOS auto-adds a rule for podman0 but not for networks created by
    # docker-compose/arion (podman1, podman2, podman3…).
    #
    # These are IPv4-only (iptables, not ip6tables) and are inserted (-I) at
    # the head of the nixos-fw chain, so they are matched before the per-port
    # accept rules and the final reject. They only cover the iptables backend
    # of the firewall module; a switch to networking.nftables would need the
    # equivalent expressed through that module's options instead.
    extraCommands = ''
      iptables -I nixos-fw -s 10.89.0.0/16 -p udp --dport 53 -j nixos-fw-accept
      iptables -I nixos-fw -s 10.89.0.0/16 -p tcp --dport 53 -j nixos-fw-accept
    '';
  };
}