fix(vesuvio): configure firewall correctly
This commit is contained in:
parent
e91330263b
commit
fcc5ebb7ba
SSH key fingerprint:
SHA256:4P0aN6M8ajKukNi6aPOaX0LacanGYtlfjmN+m/sHY/o
1 changed files with 11 additions and 1 deletions
|
|
@ -2,7 +2,7 @@
|
||||||
boot.tmp.cleanOnBoot = true;
|
boot.tmp.cleanOnBoot = true;
|
||||||
zramSwap.enable = true;
|
zramSwap.enable = true;
|
||||||
|
|
||||||
services.openssh.openFirewall = true;
|
services.openssh.ports = [4269];
|
||||||
|
|
||||||
services.frp = {
|
services.frp = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
@ -18,4 +18,14 @@
|
||||||
|
|
||||||
age.secrets.frpToken.file = ../../secrets/etna/frpToken.age;
|
age.secrets.frpToken.file = ../../secrets/etna/frpToken.age;
|
||||||
systemd.services.frp.serviceConfig.EnvironmentFile = config.age.secrets.frpToken.path;
|
systemd.services.frp.serviceConfig.EnvironmentFile = config.age.secrets.frpToken.path;
|
||||||
|
|
||||||
|
networking.firewall = {
|
||||||
|
allowedTCPPorts = [22]; # forgejo-ssh
|
||||||
|
allowedTCPPortRanges = [
|
||||||
|
{
|
||||||
|
from = 6000;
|
||||||
|
to = 7000;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue