kitten.sh / system
Personal Nix setup
fork atom

Set up firewall correctly for desktop

kitten.sh d661a921 42755c31

options
unified split
Changed files
+15 -4
modules
desktop
default.nix
server
sshd.nix
+14 -3
modules/desktop/default.nix 
···

       
28

       
28

       
 

       
  config = mkIf cfg.enable {


     

       
29

       
29

       
 

       
    users.users."${user}".extraGroups = [ "video" ];


     

       
30

       
30

       
 

       



     

       
31

       

       
-

       
    networking.networkmanager = {


     

       
32

       

       
-

       
      enable = mkDefault true;


     

       
33

       

       
-

       
      wifi.powersave = true;


     

       

       
31

       
+

       
    networking = {


     

       

       
32

       
+

       
      firewall = {


     

       

       
33

       
+

       
        enable = mkDefault true;


     

       

       
34

       
+

       
        checkReversePath = "loose";


     

       

       
35

       
+

       
      };


     

       

       
36

       
+

       
      nftables = {


     

       

       
37

       
+

       
        enable = mkForce true;


     

       

       
38

       
+

       
        checkRuleset = false;


     

       

       
39

       
+

       
        flushRuleset = true;


     

       

       
40

       
+

       
      };


     

       

       
41

       
+

       
      networkmanager = {


     

       

       
42

       
+

       
        enable = mkDefault true;


     

       

       
43

       
+

       
        wifi.powersave = true;


     

       

       
44

       
+

       
      };


     

       
34

       
45

       
 

       
    };


     

       
35

       
46

       
 

       



     

       
36

       
47

       
 

       
    hardware = {
+1 -1
modules/server/sshd.nix 
···

       
20

       
20

       
 

       



     

       
21

       
21

       
 

       
    services.openssh = {


     

       
22

       
22

       
 

       
      enable = true;


     

       
23

       

       
-

       
      openFirewall = false;


     

       

       
23

       
+

       
      openFirewall = mkDefault (!config.modules.router.enable);


     

       
24

       
24

       
 

       
    };


     

       
25

       
25

       
 

       
  };


     

       
26

       
26

       
 

       
}