networking updates

2025-04-25 08:06:19 +02:00 · 2023-12-12 17:44:28 +01:00 · 2023-12-12 17:44:28 +01:00 · cf9dedf17a
commit cf9dedf17a
parent 9f6221d8b1
4 changed files with 15 additions and 0 deletions
--- a/hosts/falkenstein/modules/fail2ban/default.nix
+++ b/hosts/falkenstein/modules/fail2ban/default.nix
@ -2,6 +2,10 @@
 {
  services.fail2ban = {
    enable = true;
+    ignoreIP = [
+      "141.30.0.0/16"
+      "141.76.0.0/16"
+    ];
    bantime = "10m";
    bantime-increment = {
      enable = true;
--- a/hosts/falkenstein/modules/networks/default.nix
+++ b/hosts/falkenstein/modules/networks/default.nix
@ -17,6 +17,11 @@
    domain = "rfive.de";
    useNetworkd = true;
    enableIPv6 = true;
+    firewall = {
+      extraInputRules = ''
+        ip saddr 192.168.0.0/16 tcp dport 19531 accept comment "Allow journald gateway access from local networks"
+      '';
+    };
  };
  services.resolved = {
    dnssec = "true";
--- a/hosts/nuc/modules/networks/default.nix
+++ b/hosts/nuc/modules/networks/default.nix
@ -6,6 +6,11 @@
    useNetworkd = true;
    enableIPv6 = true;
    nftables.enable = true;
+    firewall = {
+      extraInputRules = ''
+        ip saddr 192.168.0.0/16 tcp dport 19531 accept comment "Allow journald gateway access from local networks"
+      '';
+    };
  };
  services.lldpd.enable = true;
  services.resolved = {