Setup a basic firewall for majin
parent
18ca5a18ec
commit
833c2c5158
54
flake.lock
54
flake.lock
|
@ -197,11 +197,11 @@
|
|||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1709967935,
|
||||
"narHash": "sha256-ZLLdGWs9njivxZsfSzfQN05g6WIyIe24bPb61y7FVqo=",
|
||||
"lastModified": 1710427903,
|
||||
"narHash": "sha256-sV0Q5ndvfjK9JfCg/QM/HX/fcittohvtq8dD62isxdM=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "72818e54ec29427f8d9f9cfa6fc859d01ca6dc66",
|
||||
"rev": "21d89b333ca300bef82c928c856d48b94a9f997c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -238,18 +238,16 @@
|
|||
"nixpkgs": "nixpkgs_3"
|
||||
},
|
||||
"locked": {
|
||||
"dirtyRev": "70f14f5928c6cffb3be81784425b57d984a00acd-dirty",
|
||||
"dirtyShortRev": "70f14f5-dirty",
|
||||
"lastModified": 1710021649,
|
||||
"narHash": "sha256-erHUBiFoe08pi2wlg6PGcSTrhtt3OrE8KxohJOBV/Zc=",
|
||||
"ref": "v4",
|
||||
"rev": "70f14f5928c6cffb3be81784425b57d984a00acd",
|
||||
"revCount": 1050,
|
||||
"narHash": "sha256-3gmgWWaVJNW1xpbov8dVkf3EGucNXQggd5KsYONfTo0=",
|
||||
"type": "git",
|
||||
"url": "https://devheroes.codes/FG42/FG42"
|
||||
"url": "file:///home/lxsameer/src/fg42"
|
||||
},
|
||||
"original": {
|
||||
"ref": "v4",
|
||||
"type": "git",
|
||||
"url": "https://devheroes.codes/FG42/FG42"
|
||||
"url": "file:///home/lxsameer/src/fg42"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
|
@ -291,11 +289,11 @@
|
|||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1709126324,
|
||||
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -309,11 +307,11 @@
|
|||
"systems": "systems_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1709126324,
|
||||
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -420,11 +418,11 @@
|
|||
},
|
||||
"nixlib": {
|
||||
"locked": {
|
||||
"lastModified": 1709426687,
|
||||
"narHash": "sha256-jLBZmwXf0WYHzLkmEMq33bqhX55YtT5edvluFr0RcSA=",
|
||||
"lastModified": 1710031547,
|
||||
"narHash": "sha256-pkUg3hOKuGWMGF9WEMPPN/G4pqqdbNGJQ54yhyQYDVY=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c",
|
||||
"rev": "630ebdc047ca96d8126e16bb664c7730dc52f6e6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -441,11 +439,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1709887845,
|
||||
"narHash": "sha256-803UIoB8+vGkm/VK/g55aBAAOf/ncTGvxXyjTF4ydm0=",
|
||||
"lastModified": 1710398463,
|
||||
"narHash": "sha256-fQlYanU84E8uwBpcoTCcLCwU8cqn0eQ7nwTcrWfSngc=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"rev": "bef32a05496d9480b02be586fa7827748b9e597b",
|
||||
"rev": "efd4e38532b5abfaa5c9fc95c5a913157dc20ccb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -456,11 +454,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1709410583,
|
||||
"narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=",
|
||||
"lastModified": 1710123225,
|
||||
"narHash": "sha256-j3oWlxRZxB7cFsgEntpH3rosjFHRkAo/dhX9H3OfxtY=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc",
|
||||
"rev": "ad2fd7b978d5e462048729a6c635c45d3d33c9ba",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -471,11 +469,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1709675310,
|
||||
"narHash": "sha256-w61tqFEmuJ+/1rAwU7nkYZ+dN6sLwyobfLwX2Yn42FE=",
|
||||
"lastModified": 1710346304,
|
||||
"narHash": "sha256-vwoyBoCovK7+vdbCYqL9MssoFQjaXtZN8sElcjUdbx8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "43d259f8d726113fac056e8bb17d5ac2dea3e0a8",
|
||||
"rev": "a0906f14161a5c5792e9883117b9471f5bf6df72",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -30,8 +30,8 @@
|
|||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
fg42.url = "git+https://devheroes.codes/FG42/FG42?ref=v4";
|
||||
#fg42.url = "/home/lxsameer/src/fg42";
|
||||
#fg42.url = "git+https://devheroes.codes/FG42/FG42?ref=v4";
|
||||
fg42.url = "/home/lxsameer/src/fg42";
|
||||
|
||||
flake_utils.url = "github:numtide/flake-utils";
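Review bot: The `fg42` input in this hunk appears to end up pointing at the local checkout `/home/lxsameer/src/fg42` instead of `git+https://devheroes.codes/FG42/FG42?ref=v4`, and flake.lock in the same commit records it with a `dirtyRev` and a `file://` URL rather than a `rev` (the +/- markers are lost on this page, so the direction is inferred from the lock hunk's line counts). A path input to a dirty working tree cannot be fetched on any other machine and pins only a content hash of uncommitted state, so the resulting system is neither reproducible nor traceable to a reviewed upstream commit. Given the commit is about the firewall, this looks like a development override committed by accident. I would keep `fg42.url = "git+https://devheroes.codes/FG42/FG42?ref=v4";` in the repository and pass `--override-input fg42 /home/lxsameer/src/fg42` on the command line for local work.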
|
||||
|
||||
|
|
|
@ -307,4 +307,6 @@ rec {
|
|||
pkgs.yubikey-manager
|
||||
];
|
||||
};
|
||||
|
||||
virtualisation = import ./virtualisation {};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
# Universe - The big bang to my universe
|
||||
#
|
||||
# Copyright (c) 2023-2024 Sameer Rahmani <lxsameer@gnu.org>
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
params:
|
||||
{
|
||||
podman = {...}: {
|
||||
virtualisation = {
|
||||
podman = {
|
||||
enable = true;
|
||||
|
||||
# Create a `docker` alias for podman, to use it as a drop-in replacement
|
||||
dockerCompat = true;
|
||||
|
||||
# Required for containers under podman-compose to be able to talk to each other.
|
||||
defaultNetwork.settings.dns_enabled = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
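Review bot: The file's only argument, `params:` at the top, is never referenced in the body, and the call site shown in the previous file section passes an empty set (`import ./virtualisation {}`). Either drop the wrapper lambda, or document the convention with a one-line comment such as `# params: reserved for per-host options; currently unused` so a reader does not go looking for where it is consumed.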
|
|
@ -139,15 +139,18 @@ in {
|
|||
|
||||
# Pdf stuff
|
||||
poppler_utils
|
||||
evince
|
||||
calibre
|
||||
|
||||
protonvpn-gui
|
||||
yubioath-flutter
|
||||
yubikey-manager
|
||||
feh
|
||||
|
||||
flameshot
|
||||
ticker
|
||||
ddgr
|
||||
|
||||
shotwell
|
||||
remmina
|
||||
];
|
||||
|
||||
|
@ -272,8 +275,13 @@ in {
|
|||
|
||||
Ps = "ps -aux |grep ";
|
||||
|
||||
d = "docker";
|
||||
d = "podman";
|
||||
|
||||
n = "nix";
|
||||
nd = "nix develop";
|
||||
nr = "nix run";
|
||||
nb = "nix build";
|
||||
|
||||
ew = "emacs -nw";
|
||||
F = "find . -iname";
|
||||
f = "fd";
|
||||
|
@ -411,9 +419,18 @@ in {
|
|||
services.dunst.enable = true;
|
||||
services.pasystray.enable = true;
|
||||
services.network-manager-applet.enable = true;
|
||||
|
||||
programs.gpg = {
|
||||
enable = true;
|
||||
scdaemonSettings = {
|
||||
disable-ccid = true;
|
||||
};
|
||||
homedir = lib.mkForce "/home/lxsameer/.gnupg";
|
||||
};
|
||||
|
||||
services.gpg-agent = {
|
||||
enable = true;
|
||||
enableSshSupport = false;
|
||||
enableSshSupport = lib.mkForce false;
|
||||
};
|
||||
|
||||
gtk = {
|
||||
|
@ -430,4 +447,10 @@ in {
|
|||
};
|
||||
|
||||
services.ssh-agent.enable = true;
|
||||
|
||||
programs.direnv = {
|
||||
enable = true;
|
||||
enableBashIntegration = true; # see note on other shells below
|
||||
nix-direnv.enable = true;
|
||||
};
|
||||
}
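Review bot: In the `programs.gpg` block (hunk at -411), `homedir = lib.mkForce "/home/lxsameer/.gnupg";` hard-codes the home path and forces it over another definition, with no comment saying which module is being overridden; the same holds for `enableSshSupport = lib.mkForce false;` a few lines below. I would add a comment naming the conflicting module (presumably the yubikey one, which is not visible here) and, if `config` is in scope in this file, derive the path as `"${config.home.homeDirectory}/.gnupg"`. `disable-ccid = true` also deserves a why-comment, e.g. `# use pcscd rather than scdaemon's built-in CCID driver so the YubiKey is not claimed twice`, once that intent is confirmed. In the last hunk, the trailing `# see note on other shells below` on `enableBashIntegration` refers to a note that does not exist in this file and can be dropped.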
|
||||
|
|
|
@ -46,6 +46,12 @@ let
|
|||
'';
|
||||
|
||||
fileSystems."/home".neededForBoot = true;
|
||||
services.gvfs.enable = true;
|
||||
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 8000 ];
|
||||
};
|
||||
};
|
||||
|
||||
lxsameer = pkgs.callPackage ../users/lxsameer/default.nix {};
|
||||
|
@ -78,6 +84,7 @@ in {
|
|||
desktop
|
||||
styles
|
||||
yubikey
|
||||
virtualisation.podman
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
{
|
||||
home-manager.useGlobalPkgs = true;
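Review bot: `allowedTCPPorts = [ 8000 ];` in the first hunk opens port 8000 on every interface, and nothing in the hunk says which service listens there. NixOS enables the firewall by default, so `enable = true` only makes that explicit; the effective change of this block is the newly opened port. Add a comment naming the service, e.g. `# 8000: <service name>`, and if it is only needed on one network, scope it with `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 8000 ];` instead. The enclosing `let` binding starts and ends outside the hunk.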
|
||||
|
|