From 94aecce3e2c0c8489364abcbe895adb7496c2772 Mon Sep 17 00:00:00 2001 From: Sebastien Bourdeauducq Date: Wed, 17 Mar 2021 20:58:47 +0800 Subject: [PATCH] rpi-ext: better security --- nixops/rpi-server.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixops/rpi-server.nix b/nixops/rpi-server.nix index 13ea3e1e..67b90846 100644 --- a/nixops/rpi-server.nix +++ b/nixops/rpi-server.nix @@ -128,7 +128,7 @@ services.printing.enable = true; services.printing.drivers = [ pkgs.hplip ]; services.printing.browsing = true; - services.printing.listenAddresses = [ "*:631" ]; + services.printing.listenAddresses = [ "192.168.1.30:631" ]; services.printing.defaultShared = true; hardware.sane.enable = true; hardware.sane.extraBackends = [ pkgs.hplip ]; @@ -140,7 +140,7 @@ hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = ["192.168.1.0/24"]; networking.firewall.allowedTCPPorts = [ 631 4713 ]; - networking.firewall.allowedUDPPorts = [ 53 67 ]; + networking.firewall.interfaces.wlan0.allowedUDPPorts = [ 53 67 ]; nix.binaryCachePublicKeys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="]; nix.binaryCaches = ["https://cache.nixos.org" "https://nixbld.m-labs.hk"];