esavkin
/
nix-scripts
forked from M-Labs/nix-scripts
1
0
Fork 0
Code Pull Requests Activity

nixbld: filter CUPS access using firewall 

CUPS listenAddresses is problematic.
This commit is contained in:
Sebastien Bourdeauducq 2019-10-15 19:20:32 +08:00
parent f3fe798126
commit dd490121b6
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nixbld-etc-nixos/configuration.nix
View File

@ -38,8 +38,9 @@ in
networking = { networking = {
hostName = "nixbld"; hostName = "nixbld";
firewall = { firewall = {
allowedTCPPorts = [ 80 443 631 ]; allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 53 67 631 ]; allowedUDPPorts = [ 53 67 ];
trustedInterfaces = [ netifLan ];
}; };
networkmanager.unmanaged = [ "interface-name:${netifLan}" "interface-name:${netifWifi}" ]; networkmanager.unmanaged = [ "interface-name:${netifLan}" "interface-name:${netifWifi}" ];
interfaces."${netifLan}".ipv4.addresses = [{ interfaces."${netifLan}".ipv4.addresses = [{
@ -133,7 +134,7 @@ in
services.printing.enable = true; services.printing.enable = true;
services.printing.drivers = [ pkgs.hplipWithPlugin ]; services.printing.drivers = [ pkgs.hplipWithPlugin ];
services.printing.browsing = true; services.printing.browsing = true;
services.printing.listenAddresses = [ "192.168.1.1:631" ]; services.printing.listenAddresses = [ "*:631" ];
services.printing.defaultShared = true; services.printing.defaultShared = true;
hardware.sane.enable = true; hardware.sane.enable = true;
hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ]; hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ];