let
inherit (builtins) hasAttr readFile;
inherit (pkgs.lib) unlinesAttrs;
- inherit (config) users;
+ inherit (config.users) users;
inherit (config.services) shorewall shorewall6;
fw2net = ''
# By protocol
Ping(ACCEPT) $FW net
# By port
- DNS(ACCEPT) $FW net {user=${users.users.unbound.name}}
+ DNS(ACCEPT) $FW net {user=${users.unbound.name}}
DNS(ACCEPT) $FW net:217.70.177.40 # for knot to notify ns6.gandi.net
DNS(ACCEPT) $FW net:78.192.65.63 # for knot to notify ns0.muarf.org
Git(ACCEPT) $FW net
- HKP(ACCEPT) $FW net {user=${users.users.julm.name}}
+ HKP(ACCEPT) $FW net {user=${users.julm.name}}
HTTP(ACCEPT) $FW net
HTTPS(ACCEPT) $FW net
- IRCS(ACCEPT) $FW net {user=${users.users.julm.name}}
+ IRCS(ACCEPT) $FW net {user=${users.julm.name}}
+ NTP(ACCEPT) $FW net {user=${users.systemd-timesync.name}}
SMTP(ACCEPT) $FW net
SMTPS(ACCEPT) $FW net
SSH(ACCEPT) $FW net
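Review bot: The new rule `NTP(ACCEPT) $FW net {user=${users.systemd-timesync.name}}` dereferences `users.systemd-timesync` unconditionally, so evaluation will presumably fail with a missing-attribute error on any host where that account is not declared. In NixOS the account normally exists only while timesyncd is enabled. The file already inherits `hasAttr`, so the line could be guarded, for example `${pkgs.lib.optionalString (hasAttr "systemd-timesync" users) "NTP(ACCEPT) $FW net {user=${users.systemd-timesync.name}}"}`. Without a guard, swapping the time daemon breaks the whole firewall configuration rather than dropping this one rule. The `let` block and the `fw2net` string continue outside the hunk, so how `hasAttr` is used elsewhere is not visible here.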
# By port
DNS(ACCEPT) net $FW
+ Git(ACCEPT) net $FW
HTTP(ACCEPT) net $FW
HTTPS(ACCEPT) net $FW
IMAPS(ACCEPT) net $FW
Mosh(ACCEPT) net $FW
+ ACCEPT net $FW {proto=tcp, dport=8080}
POP3S(ACCEPT) net $FW
SMTP(ACCEPT) net $FW
SMTPS(ACCEPT) net $FW
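Review bot: The raw rule `ACCEPT net $FW {proto=tcp, dport=8080}` opens TCP 8080 to the whole `net` zone with no comment naming the service behind it, unlike the macro rules around it. A later reader cannot tell whether the exposure is intended or still needed. I would add a comment line above it such as `# <service> on 8080: <why it must be reachable from net>`, and narrow the source with the `net:<address>` form the file already uses if the clients are known. The added `Git(ACCEPT) net $FW` exposes the git daemon port, whose protocol has no authentication, so it is worth confirming the daemon exports only repositories meant to be public. The enclosing rules string begins and ends outside this hunk.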