s0me1newithhand7s/reNixos
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

staging(no atomic commits thank to git-hooks)

Browse source 
Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
This commit is contained in:
s0me1newithhand7s 2026-03-25 17:56:18 +03:00
parent db3b60a846
commit c5f949506a
117 changed files with 2520 additions and 999 deletions
Download patch file Download diff file Expand all files Collapse all files

154
kyra/services/firewalld.nix Normal file
View file

@ -0,0 +1,154 @@
{
name,
lib,
...
}: {
services = {
firewalld = {
enable = true;
services = {
"ssh" = {
short = "openssh";
ports = [
{
port = 60009;
protocol = "tcp";
}
];
};
"stalwart" = {
short = "Stalwart-mail";
ports =
lib.forEach [
25
110
143
465
993
995
4190
] (
port: {
protocol = "tcp";
inherit
port
;
}
);
};
"consul" = {
short = "Consul";
ports =
lib.forEach [
8300
8301
8302
8500
8600
] (
port: {
protocol = "tcp";
inherit
port
;
}
)
++ lib.forEach [
8301
8302
8600
] (
port: {
protocol = "udp";
inherit
port
;
}
);
};
};
zones = {
"trusted" = {
services = [
"consul"
];
};
"wan" = {
ports = [
{
port = 2053;
protocol = "udp";
}
{
port = 8443;
protocol = "tcp";
}
{
port = 51820;
protocol = "udp";
}
];
icmpBlockInversion = true;
icmpBlocks = [
"echo-request"
"destination-unreachable"
"parameter-problem"
"time-exceeded"
];
interfaces = lib.concatLists [
(
lib.optionals (
lib.elem name [
"hazel"
"lynn"
"yara"
"ivy"
]
) [
"ens3"
]
)
(
lib.optionals (
name == "mel"
) [
"eth0"
]
)
];
services = lib.concatLists [
[
"ssh"
"http"
"https"
]
(
lib.optionals (
lib.elem name [
"hazel"
"lynn"
"mel"
]
) [
"minecraft"
"stalwart"
]
)
];
};
};
};
};
}