Commit graph

7 commits

Author SHA1 Message Date
a5dd06225b
parsons/nftables: don't log refused connections 2024-10-11 14:22:52 +02:00
281745d7a6 simplify nat on parsons 2024-04-07 16:25:08 +02:00
1ad0a7751c use networking.firewall instead of nftables.ruleset 2024-04-07 15:57:51 +02:00
7b9e423999 forgejo: final name changes gitea → forgejo
mostly just replacing strings to avoid confusion later on. Since our
containers are now ephemeral, renaming them is basically a non-issue
(though the files under /persist/containers & the uffd client name had
to be changed manually)
2024-02-25 23:24:07 +01:00
f29830ec93 format nftables.nix 2024-02-25 17:53:54 +01:00
62917423e3 render nftables's ruleset
This does the same as the last commit did for the nftnat module, but for
the more general nftables module. Note the weird whatspace again.
2024-02-18 13:39:54 +01:00
0f678c5e80 render nftnat's extraConfig
this removes usage of the nftnat module by rendering it into a static
nftables config. It's a no-op (modulo /etc/haccfiles) as far as nix is
concerned, hence the slightly off-putting whitespace of the multi-line
string.

This seems to me to be a better approach than just bundling the module,
since we only use it for two things (giving the containers network
access & forwarding port 22 to forgejo), which to me doesn't press for
using a custom module we can't really maintain on our own.
2024-02-17 00:04:51 +00:00