{ inputs, pkgs, lib, config, ... }:
let
- inherit (builtins) hasAttr readFile;
- inherit (pkgs.lib) unlinesAttrs;
inherit (config) networking;
- inherit (config.users) users groups;
+ inherit (config.users) users;
in
{
-imports = [
- (inputs.julm-nix + "/nixos/profiles/networking/nftables.nix")
-];
-networking.firewall.enable = false;
-systemd.services.disable-kernel-module-loading.after = [ "nftables.service" ];
-systemd.services.nftables.serviceConfig.TimeoutStartSec = "20";
-networking.nftables = {
- enable = true;
- ruleset = ''
- table inet filter {
- chain input-net {
- #udp dport mdns ip6 daddr ff02::fb counter accept comment "Accept mDNS"
- #udp dport mdns ip daddr 224.0.0.251 counter accept comment "Accept mDNS"
- tcp dport ssh counter accept comment "SSH"
- udp dport 60000-61000 counter accept comment "Mosh"
+ imports = [
+ (inputs.julm-nix + "/nixos/profiles/networking/nftables.nix")
+ ];
+ networking.firewall.enable = false;
+ systemd.services.disable-kernel-module-loading.after = [ "nftables.service" ];
+ systemd.services.nftables.serviceConfig.TimeoutStartSec = "20";
+ networking.nftables = {
+ enable = true;
+ ruleset = ''
+ table inet filter {
+ chain input-net {
+ #udp dport mdns ip6 daddr ff02::fb counter accept comment "Accept mDNS"
+ #udp dport mdns ip daddr 224.0.0.251 counter accept comment "Accept mDNS"
+ tcp dport ssh counter accept comment "SSH"
+ udp dport 60000-61000 counter accept comment "Mosh"
+ }
+ chain output-net {
+ tcp dport { ssh, 2222 } counter accept comment "SSH"
+ tcp dport { http, https } counter accept comment "HTTP"
+ udp dport ntp skuid ${users.systemd-timesync.name} counter accept comment "NTP"
+ tcp dport 1965 counter accept comment "Gemini"
+ tcp dport git counter accept comment "Git"
+ }
+ chain forward {
+ ct state { related, established } accept
+ jump output-connectivity
+ }
}
- chain output-net {
- tcp dport { ssh, 2222 } counter accept comment "SSH"
- tcp dport { http, https } counter accept comment "HTTP"
- udp dport ntp skuid ${users.systemd-timesync.name} counter accept comment "NTP"
- tcp dport 1965 counter accept comment "Gemini"
- tcp dport git counter accept comment "Git"
- }
- chain forward {
- ct state { related, established } accept
- jump output-connectivity
- }
- }
- '';
-};
+ '';
+ };
}
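Review bot: The line `systemd.services.disable-kernel-module-loading.after = [ "nftables.service" ];` carries no comment explaining the ordering, and it sits next to `networking.firewall.enable = false`, so the nftables unit is the only packet filter this file sets up. I would add a comment above it such as `# nftables must start (and load its kernel modules) before module loading is locked; after= only orders the units, it does not require nftables to succeed`. That wording is presumably the intent, since the imported profile is not visible here. It is also worth confirming what the host is left with if nftables.service fails or hits the 20-second `TimeoutStartSec`, because nothing in these lines shows a fallback ruleset. As a smaller style point, `inherit (config) networking;` stays in the `let` block although nothing in the visible body uses `networking`, while this change removes the other unused inherits.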