fix: obliterate firewall interna;;y

2025-06-23 20:01:24 -04:00 · 2025-06-23 20:01:24 -04:00 · 7b152ccd16
commit 7b152ccd16
parent 05bca5b139
5 changed files with 16 additions and 24 deletions
--- a/configurations/nixos/forgejo-runner-tofu/default.nix
+++ b/configurations/nixos/forgejo-runner-tofu/default.nix
@ -29,10 +29,6 @@ in
      "gitea-runner"
    ];
  };
-  networking.extraHosts = ''
-    192.168.1.5 git.skdevstudios.com
-    192.168.1.5 tofu.skdevstudios.com
-  '';
  sops.secrets.forgejo-runners-token = {
    # owner = "gitea-runner";
    # group = "gitea-runner";
@ -63,7 +59,6 @@ in
    };
  };
  networking = {
-    firewall.enable = lib.mkForce false;
    hostName = "forgejo-runner-tofu";
  };
  environment.systemPackages = with pkgs; [
--- a/configurations/nixos/tofu/default.nix
+++ b/configurations/nixos/tofu/default.nix
@ -39,7 +39,6 @@ in
    };
  };
  networking = {
-    firewall.enable = lib.mkForce false;
    hostName = "tofu";
  };
  environment.systemPackages = [
--- a/hosts.json
+++ b/hosts.json
@ -1,9 +1,9 @@
 {
-  "arma-reforger-tofu": "201:61dd:8232:55d9:f6ee:2594:d661:b202",
-  "base-tofu": "200:d642:9eee:8f38:d9f3:8272:817d:75da",
+  "arma-reforger-tofu": "201:b0c:a372:e09f:dec7:cd9f:4bb1:a046",
+  "base-tofu": "203:852f:b5e9:928b:9534:957d:83a4:3eff",
  "forgejo-runner-tofu": "201:ea26:66c7:657b:3599:63a6:c66c:d388",
  "link-warden-tofu": "200:7e25:554c:6df3:2c5:2de:6f9f:a96d",
-  "medchart-tofu": "204:f882:d45f:4bd9:a3a7:bdbc:d370:9a14",
+  "medchart-tofu": "200:691:a5d3:1414:5a67:8372:8af8:6cd2",
  "observer-tofu": "200:b938:d405:92df:a6e:1ffd:5213:26b",
  "tofu": "200:1978:6503:e6f0:2dbe:11fd:74b:ff64"
 }
--- a/modules/nixos/common/incus.nix
+++ b/modules/nixos/common/incus.nix
@ -14,20 +14,19 @@
  };

  networking = {
-    firewall = {
-      # enable = true;
-      interfaces = {
-        ygg0 = {
-          allowedTCPPorts = [ 22 ];
-          allowedUDPPorts = [ ];
-        };
-      };
+    #   firewall = {
+    firewall.enable = false;
+    #     interfaces = {
+    #       ygg0 = {
+    #         allowedTCPPorts = [ 22 ];
+    #         allowedUDPPorts = [ ];
+    #       };
+    #     };

-      # Default deny policy for all interfaces (including ygg0)
-      allowPing = false;
-      allowedTCPPorts = [ ];
-      allowedUDPPorts = [ ];
-    };
+    #     # Default deny policy for all interfaces (including ygg0)
+    #     allowedTCPPorts = [ ];
+    #     allowedUDPPorts = [ ];
+    #   };
    dhcpcd.enable = false;
    useDHCP = false;
    useHostResolvConf = false;
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -1,9 +1,8 @@
 # This is your nixos configuration.
 # For home configuration, see /modules/home/*
-{ flake, ... }:
+{ flake, pkgs, ... }:
 {
  imports = [
    flake.inputs.self.nixosModules.common
  ];
-
 }