
2 commits

Author SHA1 Message Date
Gabriel Simmer e7ec6720da
Update firewall rules & enable
Some checks failed
Lint / lint (push) Failing after 0s
2023-08-06 00:04:21 +01:00
Gabriel Simmer 22439f958f
Ensure cgroup is enabled for k3s nodes 2023-08-06 00:03:44 +01:00
5 changed files with 12 additions and 4 deletions


@ -9,6 +9,7 @@
boot = {
supportedFilesystems = [ "nfs" ];
kernelPackages = pkgs.linuxPackages_rpi4;
kernelParams = [ "cgroup_enable=memory" "cgroup_enable=cpuset" "cgroup_memory=1" ];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
@ -46,7 +47,9 @@
firewall = {
trustedInterfaces = ["tailscale0"];
checkReversePath = "loose";
enable = false;
allowedUDPPorts = [ 41641 ];
allowedTCPPorts = [ 22 53 80 443 ];
enable = true;
};
nftables.enable = true;
};
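Review bot: In the firewall hunk (`@ -46,7 +47,9`), `allowedTCPPorts = [ 22 53 80 443 ];` opens TCP 53 while `allowedUDPPorts` carries only 41641, so either this node serves no DNS and 53 can be dropped, or the UDP side is missing. These ports are opened on every interface; with `tailscale0` already in `trustedInterfaces`, SSH stays reachable over the tailnet if 22 is removed, e.g. `allowedTCPPorts = [ 80 443 ];`, assuming nothing on the LAN needs direct SSH. Enabling the firewall on a k3s node also filters node-to-node and pod-to-host traffic arriving on any interface other than `tailscale0`; whether the cluster runs entirely over Tailscale is not visible here, so that is worth confirming before rollout. The enclosing networking block starts outside the hunk, and the last file section on the page carries the same two lists.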


@ -57,9 +57,10 @@
hostName = "LONDON";
networkmanager.enable = true;
firewall = {
enable = false;
enable = true;
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
allowedUDPPorts = [ 41641 ];
trustedInterfaces = [ "tailscale0" ];
checkReversePath = "loose";
};
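Review bot: With `enable = true`, the ranges in `allowedUDPPortRanges` and `allowedTCPPortRanges` stay open on every interface NetworkManager brings up, not just the home LAN. They look like the Steam Remote Play ranges, which only need to be reachable from the local network, so they could be scoped per interface inside this block, e.g. `interfaces."<lan-interface>".allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];` and the same for the TCP range (the interface name is a placeholder; it is not on the page). A short comment naming what each range is for would also help the next reader. The surrounding networking block begins outside the hunk.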


@ -217,7 +217,7 @@
checkReversePath = "loose";
enable = true;
allowedTCPPorts = [ 22 53 80 443 ];
allowedUDPPorts = [ 53 ];
allowedUDPPorts = [ 53 41641 ];
};
nftables.enable = true;
};
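Review bot: UDP 41641 is added here as a bare literal with no comment, and the same number is repeated in every other firewall block this compare touches. If it is the Tailscale listen port, it can be declared once with `services.tailscale.openFirewall = true;` (where the pinned nixpkgs has that option), which follows `services.tailscale.port` instead of hard-coding it per host. Failing that, a comment such as `# Tailscale WireGuard (direct connections)` next to each entry would make the intent clear. The firewall block starts outside the hunk.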


@ -39,6 +39,7 @@
{ from = 4000; to = 4007; }
{ from = 8000; to = 8010; }
];
allowedUDPPorts = [ 41641 ];
enable = true;
};
nftables.enable = true;


@ -9,6 +9,7 @@
boot = {
supportedFilesystems = [ "nfs" ];
kernelPackages = pkgs.linuxPackages_rpi4;
kernelParams = [ "cgroup_enable=memory" "cgroup_enable=cpuset" "cgroup_memory=1" ];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
@ -46,7 +47,9 @@
firewall = {
trustedInterfaces = ["tailscale0"];
checkReversePath = "loose";
enable = false;
allowedTCPPorts = [ 22 53 80 443 ];
allowedUDPPorts = [ 41641 ];
enable = true;
};
nftables.enable = true;
};