From cf9dedf17a6107aa217d3fa93dda5317b45000c5 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Tue, 12 Dec 2023 17:44:28 +0100
Subject: [PATCH] networking updates
---
 hosts/falkenstein/modules/fail2ban/default.nix | 4 ++++
 hosts/falkenstein/modules/networks/default.nix | 5 +++++
 hosts/nuc/modules/networks/default.nix | 5 +++++
 shared/default.nix | 1 +
 4 files changed, 15 insertions(+)
diff --git a/hosts/falkenstein/modules/fail2ban/default.nix b/hosts/falkenstein/modules/fail2ban/default.nix
index 89ca3b2..658f87c 100644
--- a/hosts/falkenstein/modules/fail2ban/default.nix
+++ b/hosts/falkenstein/modules/fail2ban/default.nix
@@ -2,6 +2,10 @@
 {
 services.fail2ban = {
 enable = true;
+ ignoreIP = [
+ "141.30.0.0/16"
+ "141.76.0.0/16"
+ ];
 bantime = "10m";
 bantime-increment = {
 enable = true;
diff --git a/hosts/falkenstein/modules/networks/default.nix b/hosts/falkenstein/modules/networks/default.nix
index 7f394c8..6f340d5 100644
--- a/hosts/falkenstein/modules/networks/default.nix
+++ b/hosts/falkenstein/modules/networks/default.nix
@@ -17,6 +17,11 @@
 domain = "rfive.de";
 useNetworkd = true;
 enableIPv6 = true;
+ firewall = {
+ extraInputRules = ''
+ ip saddr 192.168.0.0/16 tcp dport 19531 accept comment "Allow journald gateway access from local networks"
+ '';
+ };
 };
 services.resolved = {
 dnssec = "true";
diff --git a/hosts/nuc/modules/networks/default.nix b/hosts/nuc/modules/networks/default.nix
index 2ddffc1..19eaf26 100644
--- a/hosts/nuc/modules/networks/default.nix
+++ b/hosts/nuc/modules/networks/default.nix
@@ -6,6 +6,11 @@
 useNetworkd = true;
 enableIPv6 = true;
 nftables.enable = true;
+ firewall = {
+ extraInputRules = ''
+ ip saddr 192.168.0.0/16 tcp dport 19531 accept comment "Allow journald gateway access from local networks"
+ '';
+ };
 };
 services.lldpd.enable = true;
 services.resolved = {
diff --git a/shared/default.nix b/shared/default.nix
index 8659bc7..1774f04 100644
--- a/shared/default.nix
+++ b/shared/default.nix
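Review bot: The `ignoreIP` list added in hosts/falkenstein/modules/fail2ban/default.nix exempts two entire public /16 ranges (roughly 131,000 addresses) from every jail, and nothing in the hunk records who owns them or why they are trusted. Any host inside those ranges, including a compromised or shared one, can keep retrying credentials against this machine without ever being banned. If the intent is to avoid locking yourself out, narrow the entries to the prefixes or hosts that admin access actually comes from, and document the exemption with a comment along the lines of `# <owner of these ranges>: exempt because <reason>`. The `services.fail2ban` attribute set continues past the end of the hunk, so other jail settings are not visible here.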
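Review bot: The accept rule added to `extraInputRules` in hosts/falkenstein/modules/networks/default.nix matches on source address only, so it opens TCP 19531 on every interface of the host; the identical rule is added in hosts/nuc/modules/networks/default.nix. By default systemd-journal-gatewayd serves the journal over plain HTTP without authentication, which makes this rule the only access control on log contents. Binding it to the internal interface and the subnet actually in use is safer, e.g. `iifname "<internal-interface>" ip saddr <actual-subnet> tcp dport 19531 accept` (both values are placeholders). `extraInputRules` is only honoured by the nftables-based firewall; `nftables.enable = true` is visible in the nuc hunk but not in the falkenstein one, so confirm it is set there. Both `networking` attribute sets begin outside their hunks.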
@@ -6,6 +6,7 @@
 ./gpg.nix
 ./vim.nix
 ./nix.nix
+ ./systemd.nix
 ./tmux.nix
 ./yazi.nix
 ./zsh.nix