diff options
| author | Alex Auvolat <alex@adnab.me> | 2023-04-21 11:29:15 +0200 |
|---|---|---|
| committer | Alex Auvolat <alex@adnab.me> | 2023-04-21 11:29:15 +0200 |
| commit | a9e9149739597dc287cff364437fffd1d886ccf7 (patch) | |
| tree | b30f2b9196398820c60b544eaa3c53332d81fb44 | |
| parent | 529480b133c5ee9197c6ca3f400a22d4579dfd17 (diff) | |
| download | nixcfg-a9e9149739597dc287cff364437fffd1d886ccf7.tar.gz nixcfg-a9e9149739597dc287cff364437fffd1d886ccf7.zip | |
Fix unbound; remove Nixos firewall (use only diplonat)
| -rw-r--r-- | cluster/prod/cluster.nix | 2 | ||||
| -rw-r--r-- | cluster/prod/site/bespin.nix | 2 | ||||
| -rw-r--r-- | cluster/prod/site/neptune.nix | 2 | ||||
| -rw-r--r-- | cluster/prod/site/orion.nix | 2 | ||||
| -rw-r--r-- | cluster/prod/site/scorpio.nix | 2 | ||||
| -rw-r--r-- | cluster/staging/site/bespin.nix | 2 | ||||
| -rw-r--r-- | cluster/staging/site/corrin.nix | 2 | ||||
| -rw-r--r-- | cluster/staging/site/jupiter.nix | 2 | ||||
| -rw-r--r-- | cluster/staging/site/neptune.nix | 2 | ||||
| -rw-r--r-- | nix/deuxfleurs.nix | 2 |
10 files changed, 3 insertions, 17 deletions
diff --git a/cluster/prod/cluster.nix b/cluster/prod/cluster.nix index cbeed8f..ea3bdec 100644 --- a/cluster/prod/cluster.nix +++ b/cluster/prod/cluster.nix @@ -6,7 +6,7 @@ # The IP range to use for the Wireguard overlay of this cluster deuxfleurs.clusterPrefix = "10.83.0.0/16"; - deuxfleurs.cluster_nodes = { + deuxfleurs.clusterNodes = { "concombre" = { siteName = "neptune"; publicKey = "VvXT0fPDfWsHxumZqVShpS33dJQAdpJ1E79ZbCBJP34="; diff --git a/cluster/prod/site/bespin.nix b/cluster/prod/site/bespin.nix index 3c9a668..cdce53e 100644 --- a/cluster/prod/site/bespin.nix +++ b/cluster/prod/site/bespin.nix @@ -4,6 +4,4 @@ deuxfleurs.siteName = "bespin"; deuxfleurs.staticIPv4.defaultGateway = "192.168.5.254"; deuxfleurs.cnameTarget = "bespin.site.deuxfleurs.fr."; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; } diff --git a/cluster/prod/site/neptune.nix b/cluster/prod/site/neptune.nix index 81495c6..ab24f4a 100644 --- a/cluster/prod/site/neptune.nix +++ b/cluster/prod/site/neptune.nix @@ -5,6 +5,4 @@ deuxfleurs.staticIPv4.defaultGateway = "192.168.1.1"; deuxfleurs.cnameTarget = "neptune.site.deuxfleurs.fr."; deuxfleurs.publicIPv4 = "77.207.15.215"; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; } diff --git a/cluster/prod/site/orion.nix b/cluster/prod/site/orion.nix index 5f6c33e..58c49ab 100644 --- a/cluster/prod/site/orion.nix +++ b/cluster/prod/site/orion.nix @@ -10,6 +10,4 @@ deuxfleurs.staticIPv6.defaultGateway = "2a01:e0a:28f:5e60::1"; deuxfleurs.cnameTarget = "orion.site.deuxfleurs.fr."; deuxfleurs.publicIPv4 = "82.66.80.201"; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; } diff --git a/cluster/prod/site/scorpio.nix b/cluster/prod/site/scorpio.nix index b1e0f20..e36dc1d 100644 --- a/cluster/prod/site/scorpio.nix +++ b/cluster/prod/site/scorpio.nix @@ -5,6 +5,4 @@ deuxfleurs.staticIPv4.defaultGateway = "192.168.1.254"; deuxfleurs.cnameTarget = "scorpio.site.deuxfleurs.fr."; deuxfleurs.publicIPv4 = "82.65.41.110"; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; } diff --git a/cluster/staging/site/bespin.nix b/cluster/staging/site/bespin.nix index 22feb59..2dbfbad 100644 --- a/cluster/staging/site/bespin.nix +++ b/cluster/staging/site/bespin.nix @@ -4,6 +4,4 @@ deuxfleurs.siteName = "bespin"; deuxfleurs.staticIPv4.defaultGateway = "192.168.5.254"; deuxfleurs.cnameTarget = "bespin.site.staging.deuxfleurs.org."; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; } diff --git a/cluster/staging/site/corrin.nix b/cluster/staging/site/corrin.nix index 6eb5239..027f6b3 100644 --- a/cluster/staging/site/corrin.nix +++ b/cluster/staging/site/corrin.nix @@ -5,6 +5,4 @@ deuxfleurs.staticIPv4.defaultGateway = "192.168.1.1"; deuxfleurs.cnameTarget = "corrin.site.staging.deuxfleurs.org."; deuxfleurs.publicIPv4 = "2.13.96.213"; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; } diff --git a/cluster/staging/site/jupiter.nix b/cluster/staging/site/jupiter.nix index 2d39f5a..28ba297 100644 --- a/cluster/staging/site/jupiter.nix +++ b/cluster/staging/site/jupiter.nix @@ -4,6 +4,4 @@ deuxfleurs.siteName = "jupiter"; deuxfleurs.staticIPv4.defaultGateway = "192.168.1.1"; deuxfleurs.cnameTarget = "jupiter.site.staging.deuxfleurs.org."; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; } diff --git a/cluster/staging/site/neptune.nix b/cluster/staging/site/neptune.nix index f94d62f..86148f4 100644 --- a/cluster/staging/site/neptune.nix +++ b/cluster/staging/site/neptune.nix @@ -3,6 +3,4 @@ { deuxfleurs.siteName = "neptune"; deuxfleurs.cnameTarget = "neptune.site.staging.deuxfleurs.org."; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; } diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix index 74a5734..4423318 100644 --- a/nix/deuxfleurs.nix +++ b/nix/deuxfleurs.nix @@ -213,6 +213,8 @@ in access-control = [ "127.0.0.0/8 allow" "172.17.0.0/16 allow" + "192.168.0.0/16 allow" + "${cfg.clusterPrefix} allow" ]; }; stub-zone = [ |