nixbld: filter CUPS access using firewall

CUPS listenAddresses is problematic.
This commit is contained in:
Sebastien Bourdeauducq 2019-10-15 19:20:32 +08:00
parent f3fe798126
commit dd490121b6

View File

@ -38,8 +38,9 @@ in
networking = { networking = {
hostName = "nixbld"; hostName = "nixbld";
firewall = { firewall = {
allowedTCPPorts = [ 80 443 631 ]; allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 53 67 631 ]; allowedUDPPorts = [ 53 67 ];
trustedInterfaces = [ netifLan ];
}; };
networkmanager.unmanaged = [ "interface-name:${netifLan}" "interface-name:${netifWifi}" ]; networkmanager.unmanaged = [ "interface-name:${netifLan}" "interface-name:${netifWifi}" ];
interfaces."${netifLan}".ipv4.addresses = [{ interfaces."${netifLan}".ipv4.addresses = [{
@ -133,7 +134,7 @@ in
services.printing.enable = true; services.printing.enable = true;
services.printing.drivers = [ pkgs.hplipWithPlugin ]; services.printing.drivers = [ pkgs.hplipWithPlugin ];
services.printing.browsing = true; services.printing.browsing = true;
services.printing.listenAddresses = [ "192.168.1.1:631" ]; services.printing.listenAddresses = [ "*:631" ];
services.printing.defaultShared = true; services.printing.defaultShared = true;
hardware.sane.enable = true; hardware.sane.enable = true;
hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ]; hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ];