From 947dc6fbd5fd639e9299de86cfb6d0c0c9b06b23 Mon Sep 17 00:00:00 2001
From: Jacob Hinkle
Date: Thu, 13 Oct 2022 08:46:54 -0400
Subject: [PATCH] Move pedro firewall setup to firewall.nix
---
 machines/pedro/configuration.nix | 20 +-------------------
 machines/pedro/firewall.nix | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+), 19 deletions(-)
 create mode 100644 machines/pedro/firewall.nix
diff --git a/machines/pedro/configuration.nix b/machines/pedro/configuration.nix
index f7e30f7..14b260c 100644
--- a/machines/pedro/configuration.nix
+++ b/machines/pedro/configuration.nix
@@ -67,25 +67,7 @@
 };
 };
 };
- firewall = {
- allowedTCPPorts = [
- 8384 22000 # syncthing
- 8080 8443 6789 8880 8843 27117 # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
- 53 8088 # pihole
- #3000 # gitea
- #8081 # vaultwarden
- #8000 # paperless
- 80 443 # reverse proxy
- ];
- allowedUDPPorts = [
- 22000 21027 # syncthing
- 3478 5514 10001 1900 123 # unifi
- 53 # pihole
- ];
- allowedUDPPortRanges = [
- { from = 5656; to = 5699; } # unifi
- ];
- };
+ firewall = import ./firewall.nix;
 timeServers = [ "192.168.88.1" ] ++ options.networking.timeServers.default;
 };
diff --git a/machines/pedro/firewall.nix b/machines/pedro/firewall.nix
new file mode 100644
index 0000000..df8efcc
--- /dev/null
+++ b/machines/pedro/firewall.nix
@@ -0,0 +1,19 @@
+{
+ allowedTCPPorts = [
+ 8384 22000 # syncthing
+ 8080 8443 6789 8880 8843 27117 # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
+ 53 8088 # pihole
+ #8123 # home-assistant
+ #3000 # gitea
+ #8081 # vaultwarden
+ 80 443 # reverse proxy
+ ];
+ allowedUDPPorts = [
+ 22000 21027 # syncthing
+ 3478 5514 10001 1900 123 # unifi
+ 53 # pihole
+ ];
+ allowedUDPPortRanges = [
+ { from = 5656; to = 5699; } # unifi
+ ];
+}
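Review bot: In machines/pedro/configuration.nix, `firewall = import ./firewall.nix;` pulls in a bare attribute set rather than a NixOS module, so this one assignment becomes the only place the firewall can be defined inside this block. If firewall.nix instead held `{ networking.firewall = { ... }; }` and was listed in `imports`, the module system would merge it with port lists contributed by other modules, and the file could take `config`/`lib` arguments later. The enclosing attribute set (presumably `networking`, judging by the `timeServers` line) starts outside the hunk.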
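Review bot: The `allowedTCPPorts` and `allowedUDPPorts` lists in the new machines/pedro/firewall.nix open every port on all interfaces, including the Syncthing GUI (8384), the pihole resolver (53) and the UniFi controller and discovery ports (1900, 10001). If pedro ever has an interface that is not the trusted LAN, the LAN-only services would be better scoped with `interfaces."<lan-interface>".allowedTCPPorts = [ ... ];` (placeholder interface name), leaving only 80/443 in the global list. A short comment at the top of the file stating which network these ports are meant to be reachable from would also help. The move is not verbatim either: the commented-out `#8000 # paperless` entry is dropped and `#8123 # home-assistant` is added, which the commit message could mention.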