Skip to content

Oak-Digital/nixos-ip-whitelist-firewall

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.github/workflows
.github/workflows
 
 
modules
modules
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 

Repository files navigation

NixOS ip based allowed ports

FlakeHub

This NixOS module lets you open ports in your firewall that is only accepted by certain ips.

Let's say you have a postgresql database that you want to access from another server, then instead of opening the port to the entire world, you can just open the port to specific ips.

{
  networking.firewall.ipBasedAllowedTCPPorts = [
    {
      port = 5432;
      ips = [
        ipOffice
        ipHome
      ];
    }
  ];
}

Usage and installation

To use this module, add the flake to your flake.

# flake.nix
{
  inputs = {
    ip-whitelist.url = "github:Oak-Digital/nixos-ip-whitelist-firewall";
  };
  # ...
}

Then import the module in your configuration.

{ inputs, ... }:

{
  imports = [
    inputs.ip-whitelist.nixosModules.default
  ];
  #...
}

And now you can configure the ports that should be ip whitelisted.

let
  ipOffice = "x.x.x.x";
  ipHome = "y.y.y.y";
  ipDatacenter = "z.z.z.z/24";
in
{
  networking.firewall.ipBasedAllowedTCPPorts = [
    {
      port = 5432;
      ips = [
        ipOffice
        ipHome
        ipDatacenter
      ];
    }
  ];
}

About

A simple NixOS module for ip whitelisting certain ports

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 4

v0.0.5 Latest
Dec 4, 2024
+ 3 releases

Packages

No packages published

Languages