Add firewall and update readme

2025-12-18 09:19:39 +01:00 · 2022-07-19 10:50:37 +02:00 · 2022-07-19 10:50:37 +02:00 · 68c413212d
commit 68c413212d
parent 9f6bcc4441
4 changed files with 12 additions and 3 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -15,7 +15,7 @@ creation_rules:
          - *stefan_ellmauthaler
          - *nucturne

-  - path_regex: machines/metis/secrets/wireguard\.yaml
+  - path_regex: machines/metis/secrets/[^/]+\.yaml
    key_groups:
      - pgp:
        - *stefan_ellmauthaler
--- a/README.md
+++ b/README.md
@ -18,4 +18,4 @@
 * Rekey the secrets with either 
 	* a master key
 	* or after a git push on another machine with enough permissions to rekey
-* the flakes dev-shell (`nix devshell`) allows to use `sops <sops-file>` as well as `sops-rekey <sops-file>` to manage the keys on the system
+* the flakes dev-shell (`nix develop`) allows to use `sops <sops-file>` as well as `sops-rekey <sops-file>` to manage the keys on the system
--- a/modules/base.nix
+++ b/modules/base.nix
@ -24,6 +24,10 @@ with lib; {
      dev.enable = true;
    };

+    networking = {
+      firewall.enable = true;
+    };
+
    environment.systemPackages = with pkgs; [
      alacritty.terminfo
      bintools
--- a/secrets/shell.nix
+++ b/secrets/shell.nix
@ -11,5 +11,10 @@ in
 pkgs.mkShell {
  sopsPGPKeyDirs = [ ./keys/users ./keys/hosts ];

-  nativeBuildInputs = [ sops-nix.sops-import-keys-hook sops-nix.ssh-to-pgp sops-rekey ];
+  nativeBuildInputs = [
+    sops-nix.sops-import-keys-hook
+    sops-nix.ssh-to-pgp
+    sops-rekey
+    pkgs.wireguard-tools
+  ];
 }