rpi-ext: better security

This commit is contained in:
Sebastien Bourdeauducq 2021-03-17 20:58:47 +08:00
parent 42e67398bf
commit 94aecce3e2

View File

@ -128,7 +128,7 @@
services.printing.enable = true; services.printing.enable = true;
services.printing.drivers = [ pkgs.hplip ]; services.printing.drivers = [ pkgs.hplip ];
services.printing.browsing = true; services.printing.browsing = true;
services.printing.listenAddresses = [ "*:631" ]; services.printing.listenAddresses = [ "192.168.1.30:631" ];
services.printing.defaultShared = true; services.printing.defaultShared = true;
hardware.sane.enable = true; hardware.sane.enable = true;
hardware.sane.extraBackends = [ pkgs.hplip ]; hardware.sane.extraBackends = [ pkgs.hplip ];
@ -140,7 +140,7 @@
hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = ["192.168.1.0/24"]; hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = ["192.168.1.0/24"];
networking.firewall.allowedTCPPorts = [ 631 4713 ]; networking.firewall.allowedTCPPorts = [ 631 4713 ];
networking.firewall.allowedUDPPorts = [ 53 67 ]; networking.firewall.interfaces.wlan0.allowedUDPPorts = [ 53 67 ];
nix.binaryCachePublicKeys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="]; nix.binaryCachePublicKeys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="];
nix.binaryCaches = ["https://cache.nixos.org" "https://nixbld.m-labs.hk"]; nix.binaryCaches = ["https://cache.nixos.org" "https://nixbld.m-labs.hk"];