commit 38aa2bb71d480f614ddb29c9fe00ad9a7237d73f
parent 282f7c0282668ed0cdc3d06acfc24ebb597d881a
Author: Milutin Popovic <milutin@popovic.xyz>
Date: Thu, 2 Apr 2026 21:53:19 +0100
firewall: dont allow any incomming ports
Diffstat:
2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/machines/frame/configuration.nix b/machines/frame/configuration.nix
@@ -38,13 +38,13 @@
};
};
- virtualisation.docker = {
- enable = true;
- rootless = {
- enable = true;
- setSocketVariable = true;
- };
- };
+ # virtualisation.docker = {
+ # enable = true;
+ # rootless = {
+ # enable = true;
+ # setSocketVariable = true;
+ # };
+ # };
# boot
boot = {
@@ -75,7 +75,12 @@
# netowrk
networking.hostName = "${hostName}";
networking.wireless.enable = true;
- networking.firewall.enable = false;
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ ];
+ allowedUDPPorts = [ ];
+ };
# time/locale
i18n.defaultLocale = "en_US.UTF-8";
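Review bot: The empty `allowedTCPPorts` / `allowedUDPPorts` lists in the new `networking.firewall` block do not by themselves guarantee that no inbound port is open. They are list options that NixOS merges across modules, so any service module with an `openFirewall` option, or a per-interface `networking.firewall.interfaces.<name>` rule, can still add ports. If this file is meant to be the authoritative default-deny, consider `allowedTCPPorts = lib.mkForce [ ];` and the same for UDP (assuming `lib` is in scope here), or at least a comment such as `# default-deny inbound; other modules may still append ports`. Port ranges (`allowedTCPPortRanges`) and ICMP echo (`allowPing`, which I believe defaults to true) are left at their defaults and are worth a deliberate decision as well.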
@@ -157,7 +162,7 @@
touchpad.naturalScrolling = false;
};
openssh = {
- enable = true;
+ enable = false;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
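Review bot: `enable = false` under `openssh` keeps the hardened `settings`, but nothing records that re-enabling the service would also reopen its port. `services.openssh.openFirewall` defaults to true, so flipping `enable` back later would add the SSH port to the firewall despite the empty `allowedTCPPorts` list set elsewhere in this commit. Consider adding `openFirewall = false;` next to `enable`, or a comment such as `# disabled on purpose; re-enabling opens the SSH port unless openFirewall = false`. The `openssh` attribute set closes outside this hunk.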
diff --git a/modules/niri.nix b/modules/niri.nix
@@ -233,17 +233,12 @@
}
{
command = [
- "swayidle"
+ "${lib.getExe pkgs.swayidle}"
"-w"
"timeout"
"300"
"swaylock -f -c 000000"
"timeout"
- "600"
- "swaymsg \"output * power off\""
- "resume"
- "swaymsg \"output * power on\""
- "timeout"
"900"
"systemctl suspend-then-hibernate"
"before-sleep"
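Review bot: Only the `swayidle` binary is pinned to a store path; the locker in `"swaylock -f -c 000000"` is still resolved through the session's PATH when swayidle runs it. If `swaylock` is missing from that PATH or shadowed by another entry, the 300-second lock fails quietly and the session stays unlocked until the suspend step. For consistency with the new first element, consider `"${lib.getExe pkgs.swaylock} -f -c 000000"` (assuming `pkgs.swaylock` is the package in use). The interpolation around `lib.getExe pkgs.swayidle` is also redundant and could be written as `(lib.getExe pkgs.swayidle)`. The `command` list starts and ends outside this hunk, so the `before-sleep` argument is not visible here.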