| author | Fuwn <[email protected]> | 2024-09-25 02:57:36 -0700 |
|---|---|---|
| committer | Fuwn <[email protected]> | 2024-09-25 02:57:36 -0700 |
| commit | 879910dce240c67cc077274fda6a1d55ae4f47cc (patch) | |
| tree | 9187a21081c834ca72f0d9635b53847fe133f82c /modules | |
| parent | nix: clean with nh (diff) | |
firewall: move to core
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/core/networking/default.nix | 5 | ||||
| -rw-r--r-- | modules/core/networking/firewall/default.nix (renamed from modules/desktop/networking/firewall/default.nix) | 1 | ||||
| -rw-r--r-- | modules/core/networking/firewall/fail2ban.nix (renamed from modules/desktop/networking/firewall/fail2ban.nix) | 4 | ||||
| -rw-r--r-- | modules/desktop/networking/default.nix | 1 |
4 files changed, 5 insertions, 6 deletions
diff --git a/modules/core/networking/default.nix b/modules/core/networking/default.nix
index 5e53759..608be0b 100644
--- a/modules/core/networking/default.nix
+++ b/modules/core/networking/default.nix
@@ -1,6 +1,9 @@
 { secrets, ... }:
 {
- imports = [ ./tailscale.nix ];
+ imports = [
+ ./firewall
+ ./tailscale.nix
+ ];
 networking = {
 nftables.enable = true;
diff --git a/modules/desktop/networking/firewall/default.nix b/modules/core/networking/firewall/default.nix
index 074f398..2da2502 100644
--- a/modules/desktop/networking/firewall/default.nix
+++ b/modules/core/networking/firewall/default.nix
@@ -2,7 +2,6 @@
 imports = [ ./fail2ban.nix ];
 networking.firewall = {
- enable = true;
 allowPing = false;
 logReversePathDrops = true;
 logRefusedConnections = false;
diff --git a/modules/desktop/networking/firewall/fail2ban.nix b/modules/core/networking/firewall/fail2ban.nix
index 6311b14..606b725 100644
--- a/modules/desktop/networking/firewall/fail2ban.nix
+++ b/modules/core/networking/firewall/fail2ban.nix
@@ -1,9 +1,7 @@
-{ pkgs, lib, ... }:
+{ pkgs, ... }:
 {
 services.fail2ban = {
 enable = false;
- banaction = "nftables-multiport";
- banaction-allports = lib.mkDefault "nftables-allport";
 extraPackages = with pkgs; [
 nftables
diff --git a/modules/desktop/networking/default.nix b/modules/desktop/networking/default.nix
index 37267c2..d8fd85e 100644
--- a/modules/desktop/networking/default.nix
+++ b/modules/desktop/networking/default.nix
@@ -1,6 +1,5 @@
 {
 imports = [
- ./firewall
 ./caddy.nix
 ./dhcpcd.nix
 ./i2p.nix |
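Review bot: With `enable = true;` dropped from `networking.firewall` in modules/core/networking/firewall/default.nix, whether the packet filter is on now depends on the NixOS module default rather than on anything stated in this repository. That default is `true` in nixpkgs, so behaviour should be unchanged today. An explicit definition has a second use, though: it makes a stray `networking.firewall.enable = false;` in another module fail evaluation as a conflict instead of silently winning. Since this module is now pulled into every host through core, I would keep the line, or at least add a comment such as `# enable is left at the nixpkgs default (true)`. The `networking.firewall` set continues outside the hunk.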
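Review bot: `services.fail2ban` stays at `enable = false;` while modules/core/networking/firewall/fail2ban.nix moves under core, so every host now imports a brute-force guard that is switched off, and nothing in the hunk says why. A short comment above that line, for example `# disabled on purpose: <reason>; override per host where needed`, would keep a later reader from assuming bans are active. With the two `banaction` lines gone, the ban actions fall back to the module defaults. Those are expected to follow `networking.nftables.enable`, which modules/core/networking/default.nix sets to true, but that is worth confirming against the pinned nixpkgs before the service is turned on. The attribute set continues outside the hunk.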