46 lines
1.1 KiB
Nix
46 lines
1.1 KiB
Nix
{ pkgs, lib, nodes, ... }: {
|
|
imports = [
|
|
# applications for this particular server
|
|
../applications/firewall.nix
|
|
];
|
|
|
|
deployment = {
|
|
#targetHost = "agentjones.skynet.ie";
|
|
# wont have dns to start with
|
|
#targetHost = "193.1.99.72";
|
|
targetHost = "192.168.1.157";
|
|
targetPort = 22;
|
|
targetUser = "root";
|
|
};
|
|
|
|
# this server is teh firewall
|
|
skynet_firewall = {
|
|
# always good to know oneself
|
|
#own_ip = "193.1.99.72";
|
|
own_ip = "192.168.1.157";
|
|
|
|
own_ports = [
|
|
# ssh
|
|
22
|
|
# dns
|
|
53
|
|
# wireguard
|
|
51820
|
|
];
|
|
|
|
enable = true;
|
|
|
|
# gonna have to get all the
|
|
forward = builtins.concatLists (
|
|
# using this function "(key: value: value.config.skynet_firewall.forward)" turn the values ointo a list
|
|
lib.attrsets.mapAttrsToList (key: value:
|
|
# make sure that anything running this firewall dosent count (recursion otherewise)
|
|
# firewall may want to open ports in itself but can deal with that later
|
|
if value.config.skynet_firewall.enable
|
|
then []
|
|
else value.config.skynet_firewall.forward
|
|
) nodes
|
|
);
|
|
};
|
|
|
|
}
|