prefect: cleanup networking config

Alan Pearce alan@alanpearce.eu

Mon, 03 Jun 2024 16:47:42 +0200

commit

7d1ce5817edf16ac0f7caabf4261c49ae883025c

parent

f5a6699de087225feec13f3de66c02f4986e99c0

1 files changed, 10 insertions(+), 14 deletions(-)

jump to

system/prefect.nix

M system/prefect.nix → system/prefect.nix

@@ -103,7 +103,6 @@ serviceConfig.ExecStart = "${pkgs.systemd}/bin/systemd-inhibit --mode block --what sleep --who 'ssh session '%I --why 'session still active' ${pkgs.coreutils}/bin/sleep infinity";   };
 
   systemd.network = {
-    enable = true;
     networks."40-enp7s0" = {
       dhcpV4Config = {
         UseDomains = true;
@@ -120,6 +119,7 @@ };     };
   };
   networking = {
+    hostName = "prefect";
     useDHCP = false;
     useNetworkd = true;
     interfaces.enp7s0 = {
@@ -128,20 +128,16 @@ };     hosts = {
       "fd7a:115c:a1e0::53" = [ "tailscale" "ts" ];
     };
-  };
-  networking.nftables = {
-    enable = true;
-  };
-  networking.firewall = {
-    allowedTCPPorts = [ 80 443 139 445 1024 ];
-    extraInputRules = ''
-      ip saddr 10.0.0.0/8 accept
-      ip6 saddr { fd00::/8, fe80::/10 } accept
-    '';
-  };
 
-  networking = {
-    hostName = "prefect";
+    nftables = {
+      enable = true;
+    };
+    firewall = {
+      extraInputRules = ''
+        ip saddr 10.0.0.0/8 accept
+        ip6 saddr { fd00::/8, fe80::/10 } accept
+      '';
+    };
   };
 
   services.resolved = {

all repos — nixfiles @ 7d1ce5817edf16ac0f7caabf4261c49ae883025c

System and user configuration, managed by nix and home-manager