mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00
Code Activity

feat(ward): open kanidm port only for sentinel

Browse source
This commit is contained in:
oddlama 2023-06-01 01:33:13 +02:00
parent c1fe238c75
commit df2657bb1c
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
5 changed files with 20 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

20
hosts/ward/default.nix
View file

@ -76,12 +76,26 @@ in {
networking.nftables.firewall = {
zones = lib.mkForce {
local-vms.interfaces = ["local-vms"];
#local-vms.interfaces = ["local-vms"];
proxy-sentinel.interfaces = ["proxy-sentinel"];
sentinel = {
parent = "proxy-sentinel";
ipv4Addresses = [nodes.sentinel.config.extra.wireguard.proxy-sentinel.ipv4];
ipv6Addresses = [nodes.sentinel.config.extra.wireguard.proxy-sentinel.ipv6];
};
};
#rules = lib.mkForce {
# local-vms-to-local = {
# from = ["local-vms"];
# to = ["local"];
# allowedTCPPorts = [8300];
# };
#};
rules = lib.mkForce {
local-vms-to-local = {
from = ["local-vms"];
sentinel-to-local = {
from = ["sentinel"];
to = ["local"];
allowedTCPPorts = [8300];
};