martials/nixos-configuration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

♻️ [pi4] Refactor firewall with variables

Browse Source
This commit is contained in:
Martin Berg Alstad
2025-06-23 18:12:52 +00:00
parent 5704ebe712
commit 763ee6312a
2 changed files with 6 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
hosts/pi4/security/firewall.nix
View File

@ -1,3 +1,5 @@
{ common, ... }:
{ {
networking = { networking = {
firewall = { firewall = {
@ -6,14 +8,9 @@
80 80
443 443
]; ];
trustedInterfaces = [ "tailscale0" ]; extraInputRules = ''
extraInputRules = ip saddr ${common.localIpRange} accept
let '';
localIPv4Range = "192.168.10.0/24";
in
''
ip saddr ${localIPv4Range} accept
'';
}; };
nftables.enable = true; nftables.enable = true;
}; };

1
shared/common.nix
View File

@ -16,6 +16,7 @@ rec {
domain = "martials.no"; domain = "martials.no";
tailnetDomain = "dns.${domain}"; tailnetDomain = "dns.${domain}";
localIpPrefix = "192.168.10."; localIpPrefix = "192.168.10.";
localIpRange = "${localIpPrefix}0/24";
localIpAddr = subAddr: "${localIpPrefix}${builtins.toString subAddr}"; localIpAddr = subAddr: "${localIpPrefix}${builtins.toString subAddr}";
tailnetAddr = host: "${host}.${tailnetDomain}"; tailnetAddr = host: "${host}.${tailnetDomain}";