yggdrasil-wg: ...

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-10-09 11:25:49 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-10-09 11:25:49 +0200
commit: cbe13936a152eaab0e421c9dd1d19787e2ed7f16 (patch)
tree: 5900bab6d2c2c7a86e42fff233f2ba9814c117d9
parent: 0365d3e1efc936ead80fb768312bb005780d2940 (diff)
download: nixos-cbe13936a152eaab0e421c9dd1d19787e2ed7f16.tar
nixos-cbe13936a152eaab0e421c9dd1d19787e2ed7f16.tar.gz
nixos-cbe13936a152eaab0e421c9dd1d19787e2ed7f16.tar.bz2
nixos-cbe13936a152eaab0e421c9dd1d19787e2ed7f16.tar.xz
nixos-cbe13936a152eaab0e421c9dd1d19787e2ed7f16.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix
index e81fee84..d0d6e522 100644
--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -91,6 +91,7 @@ in {
    networking.hosts = mkIf inNetwork (listToAttrs (concatMap ({name, value}: map (ip: nameValuePair (stripSubnet ip) ["${name}.yggdrasil"]) value) (mapAttrsToList nameValuePair hostIPs)));
+    systemd.services.firewall.path = optionals isRouter [pkgs.procps];
    networking.firewall = mkIf isRouter {
      extraCommands = ''
        iptables -A FORWARD -i yggdrasil -o yggdrasil -j nixos-fw-accept
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-10-09 11:25:49 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-10-09 11:25:49 +0200
commit	cbe13936a152eaab0e421c9dd1d19787e2ed7f16 (patch)
tree	5900bab6d2c2c7a86e42fff233f2ba9814c117d9
parent	0365d3e1efc936ead80fb768312bb005780d2940 (diff)
download	nixos-cbe13936a152eaab0e421c9dd1d19787e2ed7f16.tar nixos-cbe13936a152eaab0e421c9dd1d19787e2ed7f16.tar.gz nixos-cbe13936a152eaab0e421c9dd1d19787e2ed7f16.tar.bz2 nixos-cbe13936a152eaab0e421c9dd1d19787e2ed7f16.tar.xz nixos-cbe13936a152eaab0e421c9dd1d19787e2ed7f16.zip

diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix index e81fee84..d0d6e522 100644 --- a/modules/yggdrasil-wg/default.nix +++ b/modules/yggdrasil-wg/default.nix
@@ -91,6 +91,7 @@ in {
91		91
92	networking.hosts = mkIf inNetwork (listToAttrs (concatMap ({name, value}: map (ip: nameValuePair (stripSubnet ip) ["${name}.yggdrasil"]) value) (mapAttrsToList nameValuePair hostIPs)));	92	networking.hosts = mkIf inNetwork (listToAttrs (concatMap ({name, value}: map (ip: nameValuePair (stripSubnet ip) ["${name}.yggdrasil"]) value) (mapAttrsToList nameValuePair hostIPs)));
93		93
		94	systemd.services.firewall.path = optionals isRouter [pkgs.procps];
94	networking.firewall = mkIf isRouter {	95	networking.firewall = mkIf isRouter {
95	extraCommands = ''	96	extraCommands = ''
96	iptables -A FORWARD -i yggdrasil -o yggdrasil -j nixos-fw-accept	97	iptables -A FORWARD -i yggdrasil -o yggdrasil -j nixos-fw-accept