feat(host/desktop): setup firewall in teruko module

Lichthagel · Jun 17, 2024 · c7eb7bd · c7eb7bd
1 parent 59db3f4
commit c7eb7bd
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 4 deletions.
diff --git a/hosts/jdnixos/default.nix b/hosts/jdnixos/default.nix
@@ -13,6 +13,7 @@
     ./forgejo.nix
     ./renovate.nix
     ./rss.nix
+    ./teruko_os.nix
 
     inputs.nixos-hardware.nixosModules.common-cpu-amd
     inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
@@ -157,7 +158,6 @@
 
   # Open ports in the firewall.
   networking.firewall.allowedTCPPorts = [
-    3030
     3456
     22000
   ];

diff --git a/hosts/jdnixos/home.nix b/hosts/jdnixos/home.nix
@@ -6,8 +6,6 @@
   ...
 }:
 {
-  imports = [ ./teruko.nix ];
-
   home.packages = with pkgs; [
     calibre
     anki

diff --git a/hosts/jdnixos/teruko.nix b/hosts/jdnixos/teruko.nix
@@ -1,6 +1,6 @@
 { inputs', ... }:
 {
-  systemd.user.services.teruko = {
+  home-manager.users.licht.systemd.user.services.teruko = {
     Unit = {
       Description = "Teruko";
       After = [ "network.target" ];
@@ -21,4 +21,11 @@
       WantedBy = [ "default.target" ];
     };
   };
+
+  networking.nftables.tables.nixos-fw.content = ''
+    chain input-allow {
+      iifname wg0 tcp dport { 3030 } accept
+      ip saddr 192.168.1.0/24 tcp dport { 3030 } accept
+    }
+  '';
 }