Diffstat (limited to 'modules')
| -rw-r--r-- | modules/networking.nix | 12 | ||||
| -rw-r--r-- | modules/programs/default.nix | 2 | ||||
| -rw-r--r-- | modules/programs/mosh.nix | 6 | ||||
| -rw-r--r-- | modules/services/default.nix | 1 | ||||
| -rw-r--r-- | modules/services/fail2ban.nix | 11 | ||||
| -rw-r--r-- | modules/services/openssh.nix | 5 |
6 files changed, 30 insertions, 7 deletions
diff --git a/modules/networking.nix b/modules/networking.nix index 1e3449f..061a076 100644 --- a/modules/networking.nix +++ b/modules/networking.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ networking = { hostName = "kansai"; nftables.enable = true; @@ -21,10 +22,15 @@ allowedUDPPorts = [ 53 ]; allowedTCPPorts = [ - 2222 80 443 - 32400 + ]; + + allowedUDPPortRanges = [ + { + from = 60000; + to = 61000; + } ]; }; diff --git a/modules/programs/default.nix b/modules/programs/default.nix index cfba847..8efd21a 100644 --- a/modules/programs/default.nix +++ b/modules/programs/default.nix @@ -2,6 +2,7 @@ { imports = [ ./gnupg.nix + ./mosh.nix ./nh.nix ]; @@ -11,5 +12,6 @@ dconf.enable = true; ssh.startAgent = false; ccache.enable = true; + nix-index-database.comma.enable = true; }; } diff --git a/modules/programs/mosh.nix b/modules/programs/mosh.nix new file mode 100644 index 0000000..09b0937 --- /dev/null +++ b/modules/programs/mosh.nix @@ -0,0 +1,6 @@ +{ + programs.mosh = { + enable = true; + openFirewall = true; + }; +} diff --git a/modules/services/default.nix b/modules/services/default.nix index 6113696..4aadbd8 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -2,6 +2,7 @@ imports = [ ./ananicy.nix ./dbus.nix + ./fail2ban.nix ./libinput.nix ./openssh.nix ./pia.nix diff --git a/modules/services/fail2ban.nix b/modules/services/fail2ban.nix new file mode 100644 index 0000000..d768eb6 --- /dev/null +++ b/modules/services/fail2ban.nix @@ -0,0 +1,11 @@ +{ + services.fail2ban = { + enable = false; + + ignoreIP = [ + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + ]; + }; +} diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix index 68653fc..d4926c1 100644 --- a/modules/services/openssh.nix +++ b/modules/services/openssh.nix @@ -2,9 +2,6 @@ services.openssh = { enable = true; ports = [ 2222 ]; - - settings = { - PermitRootLogin = "yes"; - }; + openFirewall = true; }; } |
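Review bot: The `allowedUDPPortRanges` entry added in the second hunk of modules/networking.nix (UDP 60000-61000) declares the same opening that `programs.mosh.openFirewall = true` in the new modules/programs/mosh.nix already requests from the NixOS mosh module. Because the range is now declared twice, removing or disabling mosh later would still leave about a thousand UDP ports open through this file. Keep the rule in one place, preferably next to the service that needs it. If it stays here, add a comment such as `# mosh sessions (UDP 60000-61000); remove together with programs.mosh`. The firewall block begins before this hunk, so any other rules are not visible here.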
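Review bot: `enable = false` in the new modules/services/fail2ban.nix means the module is imported but the service never runs, so the `ignoreIP` list is inert and sshd on port 2222 gets no ban-on-failure protection from this commit. If that is deliberate staging, record it with a comment such as `# disabled until jails are tuned; ignoreIP below has no effect yet`; otherwise set `enable = true;`. The `ignoreIP` list also exempts all three RFC 1918 ranges, which is wider than a single LAN. Any host arriving from a private address, possibly including VPN peers, would never be banned once the service is enabled, so consider narrowing the list to the subnets actually in use.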
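Review bot: With the `settings` block removed, the `services.openssh` block in modules/services/openssh.nix states no authentication policy and relies on module defaults, while `openFirewall = true` exposes port 2222. Dropping `PermitRootLogin = "yes"` is an improvement, but the intended policy is easier to audit when written out, for example `settings = { PermitRootLogin = "no"; PasswordAuthentication = false; KbdInteractiveAuthentication = false; };`, assuming key-based login is already set up for the accounts that need access. This matters more here because fail2ban is added disabled in the same commit, so nothing in this change throttles password guessing. Settings defined in other modules would not appear in this hunk, so check whether they are already set elsewhere.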