From fd78bbb4ce5a9634e1f8c51b82ccfa958e10b45e Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Wed, 4 May 2022 08:35:56 +0200
Subject: sif: nftables
---
hosts/sif/default.nix | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
(limited to 'hosts/sif/default.nix')
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index 11f74373..bcfa1e10 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -65,13 +65,19 @@ in {
 "::1" = [ "sif.yggdrasil" "sif" ];
 };
- firewall = {
+ firewall.enable = false;
+ nftables = {
 enable = true;
- allowedTCPPorts = [ 22 # ssh
- 8000 # quickserve
- ];
+ rulesetFile = ./ruleset.nft;
 };
+ # firewall = {
+ # enable = true;
+ # allowedTCPPorts = [ 22 # ssh
+ # 8000 # quickserve
+ # ];
+ # };
+
 # wlanInterfaces = {
 # wlan0 = {
 # device = "wlp82s0";
--
cgit v1.2.3
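Review bot: With `firewall.enable = false` the allow-list that used to be readable here (22 for ssh, 8000 for quickserve) is gone, and what this host exposes is now decided entirely by `./ruleset.nft`, which this patch view does not include (the diffstat is limited to `hosts/sif/default.nix`). Before merging, confirm that the ruleset's input chain has a drop policy and re-admits only the ports that are still wanted. Disabling the firewall module presumably also means that `allowedTCPPorts` or `openFirewall` settings made in other modules no longer take effect on this host, so I would record that next to the switch, e.g. `# filtering lives in ./ruleset.nft; firewall.* port options set elsewhere are ignored here`. The commented-out `# firewall = { … }` block is better deleted than kept, because it reads like the current port list while no longer describing the active rules, and version control already holds the old form. The enclosing attribute set starts and ends outside the hunk.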