cyclone: Ensure Syncthing has firewall access

2025-05-15 19:03:43 -05:00 · 2025-05-15 19:03:43 -05:00 · d9be1ba0e2
commit d9be1ba0e2
parent 541fda0f39
2 changed files with 26 additions and 11 deletions
--- a/flake.lock
+++ b/flake.lock
@ -91,11 +91,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747225851,
-        "narHash": "sha256-4IbmZrNOdXP143kZEUzxBS5SqyxUlaSHLgdpeJfP2ZU=",
+        "lastModified": 1747340209,
+        "narHash": "sha256-tUiXrwlJoG3dzJ+fSwv1S3VPU5ODSPZJHoBmlu4t344=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "6bf057fc8326e83bda05a669fc08d106547679fb",
+        "rev": "098e365dd83311cc8236f83ea6be42abb49a6c76",
        "type": "github"
      },
      "original": {
@ -126,11 +126,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747138802,
-        "narHash": "sha256-Ou4zV3OskaDKlkuiM2VT+1w/xceXoZ5RRM4ZuW7n5+I=",
+        "lastModified": 1747297701,
+        "narHash": "sha256-R8mFJL3lREsJNDqPHbsn03imKoH2ocpzgT2kKWsWYBM=",
        "owner": "LnL7",
        "repo": "nix-darwin",
-        "rev": "f88be00227161a1e9369a1d199f452dd5d720feb",
+        "rev": "b6fff20c692d684d250a39453ed1853dd44c96ab",
        "type": "github"
      },
      "original": {
@ -141,11 +141,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1746904237,
-        "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
+        "lastModified": 1747179050,
+        "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
+        "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e",
        "type": "github"
      },
      "original": {
--- a/hosts/linux/cyclone/configuration.nix
+++ b/hosts/linux/cyclone/configuration.nix
@ -9,8 +9,22 @@
  networking = {
    hostName = "cyclone";
    hostId = "79696666";
-    # Allow WireGuard.
-    firewall.checkReversePath = "loose";
+    firewall = {
+      # Allow WireGuard.
+      checkReversePath = "loose";
+
+      interfaces = {
+        # Syncthing
+        "enp14s0" = {
+          allowedTCPPorts = [ 22000 ];
+          allowedUDPPorts = [ 21027 ];
+        };
+        "tailscale0" = {
+          allowedTCPPorts = [ 22000 ];
+          allowedUDPPorts = [ 21027 ];
+        };
+      };
+    };
  };

  # General service configuration.
@ -126,6 +140,7 @@
    jetbrains.idea-ultimate
    signal-desktop
    srain
+    tcpdump
    tuba
    wireshark
    vscode