thehedgehog/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

hosts/prefect: Update boot and firewall settings for DN42

Browse source
This commit is contained in:
The Hedgehog 2022-08-20 15:45:06 -04:00
parent 3dee583c5f
commit e77b7e97cf
No known key found for this signature in database
2 changed files with 18 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
hosts/prefect/bootloader.nix
View file

@ -13,5 +13,11 @@
initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"]; initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
initrd.kernelModules = ["nvme"]; initrd.kernelModules = ["nvme"];
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
"net.ipv4.conf.default.rp_filter" = 0;
"net.ipv4.conf.all.rp_filter" = 0;
};
}; };
} }

12
hosts/prefect/firewall.nix
View file

@ -1,5 +1,17 @@
{ {
networking.firewall.allowedTCPPorts = [53 80 443 6900]; networking.firewall.allowedTCPPorts = [53 80 443 6900];
networking.firewall.allowedUDPPorts = [53 6900]; networking.firewall.allowedUDPPorts = [53 6900];
networking.firewall.allowedUDPPortRanges = [
{
from = 480;
to = 500;
}
];
networking.firewall.allowedTCPPortRanges = [
{
from = 480;
to = 500;
}
];
networking.firewall.trustedInterfaces = [ "tailscale0" ]; networking.firewall.trustedInterfaces = [ "tailscale0" ];
} }