diff --git a/flake.lock b/flake.lock
index 8ffbb7c..58acaaa 100644
--- a/flake.lock
+++ b/flake.lock
@@ -91,11 +91,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1692134936,
- "narHash": "sha256-Z68O969cioC6I3k/AFBxsuEwpJwt4l9fzwuAMUhCCs0=",
+ "lastModified": 1694499547,
+ "narHash": "sha256-R7xMz1Iia6JthWRHDn36s/E248WB1/je62ovC/dUVKI=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "bfd953b2c6de4f550f75461bcc5768b6f966be10",
+ "rev": "e5f018cf150e29aac26c61dac0790ea023c46b24",
 "type": "github"
 },
 "original": {
@@ -121,11 +121,11 @@
 },
 "nixpkgs-unstable": {
 "locked": {
- "lastModified": 1692174805,
- "narHash": "sha256-xmNPFDi/AUMIxwgOH/IVom55Dks34u1g7sFKKebxUm0=",
+ "lastModified": 1694669921,
+ "narHash": "sha256-6ESpJ6FsftHV96JO/zn6je07tyV2dlLR7SdLsmkegTY=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "caac0eb6bdcad0b32cb2522e03e4002c8975c62e",
+ "rev": "f2ea252d23ebc9a5336bf6a61e0644921f64e67c",
 "type": "github"
 },
 "original": {
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix
index 720c7d7..543e998 100644
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@@ -23,6 +23,8 @@
 supportedFilesystems = [ "zfs" ];
 tmp.useTmpfs = true;
+
+ kernel.sysctl."net.ipv6.conf.all.forwarding" = true;
 };
 documentation.nixos.enable = false;
@@ -88,6 +90,7 @@
 };
 firewall = {
+ enable = true;
 allowedTCPPorts = [ 80 443 ];
 allowedUDPPorts = [ ];
 interfaces.eno2 = {
@@ -101,7 +104,11 @@
 3483 # Slimserver
 ];
 };
- enable = true;
+ extraCommands = ''
+ ip6tables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+ ip6tables -A FORWARD -j ACCEPT -i eno2
+ ip6tables -A FORWARD -j nixos-fw-log-refuse
+ '';
 };
 };
@@ -118,6 +125,12 @@
 IPv6AcceptRA = "yes";
 };
 };
+ "40-eno2" = {
+ networkConfig = {
+ IPv6SendRA = "yes";
+ DHCPPrefixDelegation = "yes";
+ };
+ };
 "40-enp0s21u2".dhcpV4Config.RouteMetric = 1024;
 };
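Review bot: The added `kernel.sysctl."net.ipv6.conf.all.forwarding" = true;` line (hunk `@@ -23,6 +23,8 @@` of systems/LoutreOS/configuration.nix) enables routing on every interface, not only eno2, and has no comment saying what is expected to filter the forwarded traffic. Unless something outside this diff sets the FORWARD policy, the only filter is the set of `ip6tables` rules added under `firewall.extraCommands`, so IPv6 forwarding would be unfiltered whenever the firewall unit is stopped or fails to start. I would add a comment above the line such as `# IPv6 router for the eno2 LAN; forwarded traffic is filtered only by the FORWARD rules in firewall.extraCommands`. The enclosing attribute set starts and ends outside the hunk.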
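Review bot: The three `ip6tables -A FORWARD` commands in `extraCommands` (hunk `@@ -101,7 +104,11 @@` of systems/LoutreOS/configuration.nix) append to the built-in FORWARD chain and have no matching `extraStopCommands`, so nothing ever removes them. As far as I can tell the NixOS firewall script only flushes its own `nixos-fw*` chains, which would mean every firewall reload appends the same rules again and a later edit lands behind the old `-j nixos-fw-log-refuse` jump, never matching until a reboot; please confirm on the host with `ip6tables -S FORWARD` after a reload. Putting the rules in a dedicated chain that `extraStopCommands` tears down keeps reloads idempotent, and `-m conntrack --ctstate` is the current spelling of the `-m state --state` match. The chain name below is a placeholder, and the `firewall` block closes outside the changed lines.

```nix
extraCommands = ''
  # "lan-forward" is an example chain name
  ip6tables -N lan-forward
  ip6tables -A lan-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  ip6tables -A lan-forward -i eno2 -j ACCEPT
  ip6tables -A lan-forward -j nixos-fw-log-refuse
  ip6tables -A FORWARD -j lan-forward
'';
extraStopCommands = ''
  ip6tables -D FORWARD -j lan-forward 2>/dev/null || true
  ip6tables -F lan-forward 2>/dev/null || true
  ip6tables -X lan-forward 2>/dev/null || true
'';
```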