Compare commits
2 commits
cba3b31df3
...
f68a64f966
| Author | SHA1 | Date | |
|---|---|---|---|
 Casper V. Kristensen
|
f68a64f966 | ||
|
Casper V. Kristensen
|
c549159d10 |
|
|
@ -142,40 +142,40 @@
|
||||||
interfaces = {
|
interfaces = {
|
||||||
"enp5s0" = {
|
"enp5s0" = {
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
1234 # ad hoc
|
|
||||||
1337 # ad hoc
|
|
||||||
139 # Samba
|
|
||||||
22000 # syncthing
|
|
||||||
22 # SSH
|
22 # SSH
|
||||||
25 # Mail SMTP
|
25 # Mail SMTP
|
||||||
|
80 # Caddy
|
||||||
|
139 # Samba
|
||||||
443 # Caddy
|
443 # Caddy
|
||||||
445 # Samba
|
445 # Samba
|
||||||
465 # Mail ESMTP
|
465 # Mail ESMTP
|
||||||
|
993 # Mail IMAPS
|
||||||
|
1234 # ad hoc
|
||||||
|
1337 # ad hoc
|
||||||
8000 # ad hoc
|
8000 # ad hoc
|
||||||
8080 # ad hoc
|
8080 # ad hoc
|
||||||
80 # Caddy
|
22000 # syncthing
|
||||||
993 # Mail IMAPS
|
|
||||||
];
|
];
|
||||||
allowedUDPPorts = [
|
allowedUDPPorts = [
|
||||||
139 # Samba
|
139 # Samba
|
||||||
|
445 # Samba
|
||||||
21027 # syncthing
|
21027 # syncthing
|
||||||
22000 # syncthing
|
22000 # syncthing
|
||||||
445 # Samba
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
"wg-sigma-public" = {
|
"wg-sigma-public" = {
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
1234 # ad hoc
|
|
||||||
1337 # ad hoc
|
|
||||||
22000 # syncthing
|
|
||||||
22 # SSH
|
22 # SSH
|
||||||
25 # Mail SMTP
|
25 # Mail SMTP
|
||||||
|
80 # Caddy
|
||||||
443 # Caddy
|
443 # Caddy
|
||||||
465 # Mail ESMTP
|
465 # Mail ESMTP
|
||||||
|
993 # Mail IMAPS
|
||||||
|
1234 # ad hoc
|
||||||
|
1337 # ad hoc
|
||||||
8000 # ad hoc
|
8000 # ad hoc
|
||||||
8080 # ad hoc
|
8080 # ad hoc
|
||||||
80 # Caddy
|
22000 # syncthing
|
||||||
993 # Mail IMAPS
|
|
||||||
];
|
];
|
||||||
allowedUDPPorts = [
|
allowedUDPPorts = [
|
||||||
21027 # syncthing
|
21027 # syncthing
|
||||||
|
|
|
||||||
|
|
@ -19,6 +19,11 @@
|
||||||
networking.useNetworkd = true;
|
networking.useNetworkd = true;
|
||||||
systemd.network.enable = true;
|
systemd.network.enable = true;
|
||||||
|
|
||||||
|
# The notion of "online" is a broken concept
|
||||||
|
# https://github.com/nix-community/srvos/blob/main/nixos/common/networking.nix
|
||||||
|
systemd.services.NetworkManager-wait-online.enable = false;
|
||||||
|
systemd.network.wait-online.enable = false;
|
||||||
|
|
||||||
# systemd-resolved provides DNS resolution to local applications through
|
# systemd-resolved provides DNS resolution to local applications through
|
||||||
# D-Bus, NSS, and a local stub resolver on 127.0.0.53. It implements caching
|
# D-Bus, NSS, and a local stub resolver on 127.0.0.53. It implements caching
|
||||||
# and DNSSEC validation. We configure it to only, and always, use
|
# and DNSSEC validation. We configure it to only, and always, use
|
||||||
|
|
|
||||||
|
|
@ -22,12 +22,4 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# systemd-networkd-wait-online can timeout and fail if there are no network
|
|
||||||
# interfaces available for it to manage. When systemd-networkd is enabled but
|
|
||||||
# a different service is responsible for managing the system's internet
|
|
||||||
# connection (for example, NetworkManager), this service is unnecessary and
|
|
||||||
# can be disabled.
|
|
||||||
# https://search.nixos.org/options?channel=24.05&show=systemd.network.wait-online.enable
|
|
||||||
systemd.network.wait-online.enable = false;
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue