secure munin-node with firewall

2024-03-23 19:43:39 +01:00 · 2024-03-23 19:43:39 +01:00 · 79c9b0bb75
commit 79c9b0bb75
parent bd0d73cc33
2 changed files with 12 additions and 4 deletions
--- a/nixos/ninurta/configuration.nix
+++ b/nixos/ninurta/configuration.nix
@ -367,15 +367,21 @@ in
      22 # SSH
      80 # munin web
      631 # Printing
-      3000 # Hydra
-      softServePort
    ];
    allowedUDPPorts = [
      631 # Printing
      51234 # Wireguard
      51235 # Wireguard
    ];
-    logReversePathDrops = true;
+    interfaces = {
+      uwu.allowedTCPPorts = [
+        softServePort
+      ];
+      wg0.allowedTCPPorts = [
+        3000 # Hydra
+        4949 # munin-node
+      ];
+    };
  };

  services.resolved.enable = true;
--- a/nixos/surgat/configuration.nix
+++ b/nixos/surgat/configuration.nix
@ -123,12 +123,14 @@ in
      22 # SSH
      80
      443 # HTTPS
-      4949 # munin-node
    ];
    allowedUDPPorts = [
      51234 # Wireguard
      51235 # Wireguard
    ];
+    interfaces.ninurta.allowedTCPPorts = [
+      4949 # munin-node
+    ];
  };

  # Use the GRUB 2 boot loader.