felschr/nixos-config
1
1
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
nixos-config/system/server.nix
Felix Schröter c90efc40f8
feat(system): enable Mullvad VPN for server 
Configure it to exclude incoming traffic for web server.
2023-04-29 21:32:24 +02:00

30 lines
966 B
Nix
Raw Blame History

{ config, pkgs, ... }:
{
imports = [ ./common.nix ./vpn.nix ];
# use xserver without display manager
services.xserver.displayManager.startx.enable = true;
# Allow web server to be accessible outside of Mullvad VPN
networking.firewall.extraCommands = ''
${pkgs.nftables}/bin/nft -f ${
pkgs.writeText "mullvad-incoming" ''
table inet allow-incoming-traffic {
chain allow-incoming {
type filter hook input priority -100; policy accept;
tcp dport {80, 443} ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
udp dport {80, 443} ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
}
chain allow-outgoing {
type route hook output priority -100; policy accept;
tcp sport {80, 443} ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
udp sport {80, 443} ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
}
}
''
}
'';
}
Reference in a new issue View git blame Copy permalink