gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor pkgs/lib -> lib, kw.fw -> network.firewall, ...

Browse source
This commit is contained in:
kat witch 2021-08-13 21:17:56 +01:00
parent ce5c5f7f7c
commit 0e126e2a2e
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
32 changed files with 35 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

2
depot/hosts/athame/nixos.nix
View file

@ -92,7 +92,7 @@ with lib;
# Firewall
kw.fw = {
network.firewall = {
public.interfaces = singleton "enp1s0";
private.interfaces = singleton "yggdrasil";
};

2
depot/hosts/beltane/nixos.nix
View file

@ -108,7 +108,7 @@ with lib;
# Firewall
kw.fw = {
network.firewall = {
private.interfaces = singleton "yggdrasil";
public.interfaces = singleton "eno1";
};

2
depot/hosts/ostara/nixos.nix
View file

@ -55,7 +55,7 @@ with lib;
# Firewall
kw.fw = {
network.firewall = {
public = {
interfaces = singleton "enp1s0";
tcp.ports = [ 9981 9982 ];

2
depot/hosts/samhain/nixos.nix
View file

@ -135,7 +135,7 @@ in {
# Firewall
kw.fw = {
network.firewall = {
public.interfaces = singleton "br";
private = {
interfaces = singleton "yggdrasil";

2
depot/hosts/yule/nixos.nix
View file

@ -81,7 +81,7 @@ with lib;
# Firewall
kw.fw = {
network.firewall = {
public.interfaces = [ "enp1s0" "wlp2s0" ];
private.interfaces = singleton "yggdrasil";
};

4
depot/modules/nixos/firewall.nix
View file

@ -2,10 +2,10 @@
with lib;
let cfg = config.kw.fw;
let cfg = config.network.firewall;
in
{
options.kw.fw = {
options.network.firewall = {
public.tcp.ports = mkOption {
type = types.listOf types.port;
default = [ ];

4
depot/modules/nixos/nftables.nix
View file

@ -2,7 +2,7 @@
let
fwcfg = config.networking.firewall;
cfg = config.kw.nftables;
cfg = config.network.nftables;
doDocker = config.virtualisation.docker.enable && cfg.generateDockerRules;
@ -82,7 +82,7 @@ let
in {
options = with lib; {
kw.nftables = {
network.nftables = {
enable = mkEnableOption "nftables firewall";
extraConfig = mkOption {

2
depot/profiles/base/net.nix
View file

@ -1,5 +1,5 @@
{ config, lib, ... }:
{
kw.nftables.enable = lib.mkDefault true;
network.nftables.enable = lib.mkDefault true;
}

2
depot/profiles/base/ssh.nix
View file

@ -3,7 +3,7 @@
with lib;
{
kw.fw = {
network.firewall = {
public = {
tcp.ports = singleton 62954;
udp.ranges = [{

2
depot/profiles/gui/mpd.nix
View file

@ -3,7 +3,7 @@
with lib;
{
kw.fw = {
network.firewall = {
public.tcp.ports = [ 6600 32101 ];
private.tcp.ports = [ 6600 32101 ];
};

8
depot/services/asterisk/default.nix
View file

@ -5,15 +5,15 @@ with lib;
{
/*
kw.fw.public.tcp.ports = [ 5160 5060 ];
kw.fw.public.udp.ports = [ 5160 5060 ];
network.firewall.public.tcp.ports = [ 5160 5060 ];
network.firewall.public.udp.ports = [ 5160 5060 ];
kw.fw.public.tcp.ranges = [{
network.firewall.public.tcp.ranges = [{
from = 10000;
to = 20000;
}];
kw.fw.public.udp.ranges = [{
network.firewall.public.udp.ranges = [{
from = 10000;
to = 20000;
}];

2
depot/services/jellyfin/default.nix
View file

@ -15,7 +15,7 @@
};
};
kw.fw = {
network.firewall = {
public.tcp.ranges = [{
from = 32768;
to = 60999;

2
depot/services/kattv-ingest/default.nix
View file

@ -110,7 +110,7 @@ in {
}
'';
kw.fw = {
network.firewall = {
private.tcp.ports = singleton 1935;
public.tcp.ports = [ 4953 1935 ];
};

2
depot/services/loki/default.nix
View file

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
#kw.fw.private.tcp.ports = [ 3100 ];
#network.firewall.private.tcp.ports = [ 3100 ];
services.loki = {
enable = false;
configuration = {

2
depot/services/murmur/default.nix
View file

@ -3,7 +3,7 @@
with lib;
{
kw.fw = {
network.firewall = {
public = {
tcp.ports = singleton 64738;
udp.ports = singleton 64738;

2
depot/services/netdata/default.nix
View file

@ -1,7 +1,7 @@
{ config, kw, ... }:
{
kw.fw.private.tcp.ports = [ 19999 ];
network.firewall.private.tcp.ports = [ 19999 ];
services.netdata = { enable = true; };

2
depot/services/nfs/default.nix
View file

@ -1,7 +1,7 @@
{ config, lib, kw, ... }:
{
kw.fw = {
network.firewall = {
private.tcp.ports = [ 111 2049 ];
public.tcp.ports = [ 111 2049 ];
};

2
depot/services/nginx/default.nix
View file

@ -12,7 +12,7 @@ with lib;
'';
};
kw.fw = {
network.firewall = {
public.tcp.ports = [ 443 80 ];
private.tcp.ports = [ 443 80 ];
};

2
depot/services/node-exporter/default.nix
View file

@ -1,7 +1,7 @@
{ config, ... }:
{
kw.fw.private.tcp.ports = [ 9002 ];
network.firewall.private.tcp.ports = [ 9002 ];
services.prometheus = {
exporters = {

2
depot/services/syncplay/default.nix
View file

@ -21,7 +21,7 @@ with lib;
};
};
kw.fw.public.tcp.ports = singleton 8999;
network.firewall.public.tcp.ports = singleton 8999;
services.nginx.virtualHosts."sync.${config.network.dns.domain}" = {
enableACME = true;

2
depot/services/taskserver/default.nix
View file

@ -3,7 +3,7 @@
with lib;
{
kw.fw.public.tcp.ports = singleton 53589;
network.firewall.public.tcp.ports = singleton 53589;
services.taskserver = {
enable = true;

2
depot/services/tvheadend/default.nix
View file

@ -5,7 +5,7 @@
services.tvheadend.enable = true;
systemd.services.tvheadend.enable = lib.mkForce false;
kw.fw.public = {
network.firewall.public = {
tcp.ports = [ 9981 9982 ];
};

2
depot/services/xmpp/default.nix
View file

@ -3,7 +3,7 @@
with lib;
{
kw.fw.public.tcp.ports = [ 5000 5222 5223 5269 580 5281 5347 5582 ];
network.firewall.public.tcp.ports = [ 5000 5222 5223 5269 580 5281 5347 5582 ];
services.postgresql = {
ensureDatabases = [ "prosody" ];