sail: make firewall rules more specific

2023-03-05 23:28:42 +01:00 · 2023-03-05 23:28:42 +01:00 · d86187e2ee
commit d86187e2ee
parent c3cb43184c
4 changed files with 3 additions and 8 deletions
--- a/system/nixos/acme-sail.nix
+++ b/system/nixos/acme-sail.nix
@ -3,9 +3,9 @@
 {
  security.acme = {
    acceptTerms = true;
-    email = "acme@kempkens.io";

    defaults = {
+      email = "acme@kempkens.io";
      dnsProvider = "cloudflare";
      credentialsFile = config.age.secrets.acme-credentials.path;
      dnsResolver = "1.1.1.1:53";
--- a/system/nixos/atuin-sync.nix
+++ b/system/nixos/atuin-sync.nix
@ -26,5 +26,5 @@
    };
  };

-  networking.firewall.allowedTCPPorts = [ 8015 ];
+  networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 8015 ];
 }
--- a/system/nixos/libreddit.nix
+++ b/system/nixos/libreddit.nix
@ -9,11 +9,6 @@
  };

  services.nginx = {
-    enable = true;
-    recommendedOptimisation = true;
-    recommendedGzipSettings = true;
-    recommendedBrotliSettings = true;
-
    virtualHosts."libreddit.only.internal" = {
      listen = [
        {
--- a/system/nixos/synapse.nix
+++ b/system/nixos/synapse.nix
@ -87,5 +87,5 @@
    extraConfigFiles = [ config.age.secrets.synapse-extra-config.path ];
  };

-  networking.firewall.allowedTCPPorts = [ 8008 ];
+  networking.firewall.interfaces."enp7s0".allowedTCPPorts = [ 8008 ];
 }