B4L/cnx-network-clan
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Format tree with treefmt

Browse Source
This commit is contained in:
Berwn
2026-06-16 16:46:17 +07:00
parent cf0d796bee
commit de7d950596
9 changed files with 104 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/hetzner-firewall-rules.nix
+22 -4
View File
@@ -4,7 +4,10 @@
# Public SSH (22) is intentionally absent: admin access rides the ZeroTier mesh
# (inside UDP 9993), with emergency-access as the console fallback.
let
world = [ "0.0.0.0/0" "::/0" ];
world = [
"0.0.0.0/0"
"::/0"
];
zerotier = {
direction = "in";
@@ -22,14 +25,29 @@ let
};
dnsRules = [
{ direction = "in"; protocol = "udp"; port = "53"; source_ips = world; description = "DNS (UDP)"; }
{ direction = "in"; protocol = "tcp"; port = "53"; source_ips = world; description = "DNS (TCP)"; }
{
direction = "in";
protocol = "udp";
port = "53";
source_ips = world;
description = "DNS (UDP)";
}
{
direction = "in";
protocol = "tcp";
port = "53";
source_ips = world;
description = "DNS (TCP)";
}
zerotier
ping
];
in
{
"clan-control" = [ zerotier ping ];
"clan-control" = [
zerotier
ping
];
"clan-ns1" = dnsRules;
"clan-ns2" = dnsRules;
}