From 960729f6e5636bc8e558655abe0d7b20a28d760d Mon Sep 17 00:00:00 2001 From: Alexander Bantyev Date: Tue, 12 May 2020 15:06:45 +0300 Subject: [PATCH] Firewall --- modules/applications/weechat.nix | 4 ++-- modules/network.nix | 20 +++++++++++--------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/modules/applications/weechat.nix b/modules/applications/weechat.nix index 4787fb0..be8262d 100644 --- a/modules/applications/weechat.nix +++ b/modules/applications/weechat.nix @@ -2,8 +2,8 @@ let weechat-matrix = pkgs.weechatScripts.weechat-matrix.overrideAttrs (_: { src = pkgs.fetchzip { - url = "https://github.com/balsoft/weechat-matrix/archive/feat/enable-replies.tar.gz"; - sha256 = "sha256-GdUu/dfFy8bcEF2plon9/c+9zh9nqfAqKQd8cuUT4PE="; + url = "https://github.com/myii/weechat-matrix/archive/feat/enable-replies.tar.gz"; + sha256 = "sha256-KeTfSdwVosouJwz0aZARKdxNERmFWl96Dl1ps0kbBy4="; }; }); weechat = pkgs.weechat.override { diff --git a/modules/network.nix b/modules/network.nix index 55049e5..1d2a9de 100644 --- a/modules/network.nix +++ b/modules/network.nix @@ -1,17 +1,19 @@ -{ pkgs, lib, config, ... }: { +{ pkgs, lib, config, ... }: +let + localRanges = [ + { from = 1714; to = 1764; } # KDE connect + { from = 6600; to = 6600; } # Mopidy + ]; +in { networking = { networkmanager.enable = true; firewall = { enable = true; allowedTCPPorts = [ 13748 13722 5000 22 80 443 ]; - interfaces.wlan0.allowedTCPPortRanges = [{ - from = 1714; - to = 1764; - }]; - interfaces.wlan0.allowedUDPPortRanges = [{ - from = 1714; - to = 1764; - }]; + interfaces.wlan0.allowedTCPPortRanges = localRanges; + interfaces.wlan0.allowedUDPPortRanges = localRanges; + interfaces.eth0.allowedUDPPortRanges = localRanges; + interfaces.eth0.allowedTCPPortRanges = localRanges; }; resolvconf.extraConfig = '' local_nameservers=""