From d4872894ea6b9905249ae6601667feaca77e4927 Mon Sep 17 00:00:00 2001 From: DarkGuibrine Date: Mon, 11 May 2026 19:11:02 -0300 Subject: [PATCH 1/5] ativar firewall --- .../darkgui-vps/config/self-host/firewall.nix | 11 +++++----- .../config/self-host/self-host.nix | 20 ------------------- 2 files changed, 6 insertions(+), 25 deletions(-) diff --git a/hosts/darkgui-vps/config/self-host/firewall.nix b/hosts/darkgui-vps/config/self-host/firewall.nix index 7088305..d67e7d0 100644 --- a/hosts/darkgui-vps/config/self-host/firewall.nix +++ b/hosts/darkgui-vps/config/self-host/firewall.nix @@ -9,16 +9,17 @@ # Open ports in the firewall. networking.firewall = { - enable = false; + enable = true; allowedTCPPorts = [ + 22 80 + 81 443 + 3000 5335 7777 - ]; - allowedTCPPorts = [ - 5335 - 7777 + 9000 + 11000 ]; trustedInterfaces = [ "tailscale0" "docker0" ]; allowedUDPPorts = [ config.services.tailscale.port ]; diff --git a/hosts/darkgui-vps/config/self-host/self-host.nix b/hosts/darkgui-vps/config/self-host/self-host.nix index d297a45..01fb744 100644 --- a/hosts/darkgui-vps/config/self-host/self-host.nix +++ b/hosts/darkgui-vps/config/self-host/self-host.nix @@ -16,26 +16,6 @@ }; }; - # Open ports in the firewall. - networking.firewall = { - enable = false; - allowedTCPPorts = [ - 80 - 443 - ]; - allowedUDPPortRanges = [ - { - from = 47998; - to = 48000; - } - { - from = 48002; - to = 48010; - } - ]; - trustedInterfaces = [ "tailscale0" ]; - allowedUDPPorts = [ config.services.tailscale.port ]; - }; boot.kernel.sysctl = { "net.ipv4.ip_unprivileged_port_start" = 53; From ecd5523a9487aca271c8eeb459f4ffdb1f0b0207 Mon Sep 17 00:00:00 2001 From: DarkGuibrine Date: Mon, 11 May 2026 19:30:15 -0300 Subject: [PATCH 2/5] Update firewall.nix --- hosts/darkgui-vps/config/self-host/firewall.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) 
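Review bot: In firewall.nix (patch 1/5) the new `allowedTCPPorts` opens 81, 3000, 9000 and 11000 on every interface even though `tailscale0` is already trusted. If these are admin or dashboard ports (the services behind them are not shown here), leave them off the public list and reach them over the tailnet, keeping something like `allowedTCPPorts = [ 22 80 443 ];` plus only what must really be public. Adding `docker0` to `trustedInterfaces` accepts all traffic from containers on the default bridge to every host port, so a compromised container can reach host-only services; per-port rules under `networking.firewall.interfaces."docker0".allowedTCPPorts` would be narrower. Ports that Docker itself publishes are, as far as I know, handled in Docker's own iptables chains and not limited by this list, so a comment saying which entries are host services would help. With 22 now public, confirm that sshd only accepts key authentication.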
diff --git a/hosts/darkgui-vps/config/self-host/firewall.nix b/hosts/darkgui-vps/config/self-host/firewall.nix index d67e7d0..29c5456 100644 --- a/hosts/darkgui-vps/config/self-host/firewall.nix +++ b/hosts/darkgui-vps/config/self-host/firewall.nix @@ -6,7 +6,6 @@ ... }: { - # Open ports in the firewall. networking.firewall = { enable = true; @@ -21,8 +20,20 @@ 9000 11000 ]; + trustedInterfaces = [ "tailscale0" "docker0" ]; - allowedUDPPorts = [ config.services.tailscale.port ]; + allowedUDPPorts = [ + config.services.tailscale.port + 53 + 5300 + 7777 + 40000 + ]; + extraCommands = '' + iptables -A PREROUTING -t nat -i eth0 -p TCP --dport 80 -j REDIRECT --to-port 8000 + iptables -A PREROUTING -t nat -i eth0 -p TCP --dport 53 -j REDIRECT --to-port 5300 + iptables -A PREROUTING -t nat -i eth0 -p UDP --dport 53 -j REDIRECT --to-port 5300 + ''; }; } From f6e010e4c92df7c8ad6982e61c7343ca0235b662 Mon Sep 17 00:00:00 2001 From: DarkGuibrine Date: Tue, 12 May 2026 01:39:51 -0300 Subject: [PATCH 3/5] . --- hosts/darkgui-vps/config/pkgs.nix | 1 - .../config/self-host/self-host.nix | 42 ------------------- 2 files changed, 43 deletions(-) diff --git a/hosts/darkgui-vps/config/pkgs.nix b/hosts/darkgui-vps/config/pkgs.nix index dec1e31..e2d7809 100644 --- a/hosts/darkgui-vps/config/pkgs.nix +++ b/hosts/darkgui-vps/config/pkgs.nix @@ -31,7 +31,6 @@ python3 ## Segurança - unbound dig ]; } diff --git a/hosts/darkgui-vps/config/self-host/self-host.nix b/hosts/darkgui-vps/config/self-host/self-host.nix index 01fb744..7214c9e 100644 --- a/hosts/darkgui-vps/config/self-host/self-host.nix +++ b/hosts/darkgui-vps/config/self-host/self-host.nix 
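Review bot: The three `iptables -A PREROUTING` lines in `extraCommands` (firewall.nix, patch 2/5) are appended every time the firewall script runs and nothing deletes them, so reloads can stack duplicate NAT rules that outlive a later removal of this block. Add `extraStopCommands` with the matching deletes, e.g. `iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8000 || true`. Because REDIRECT rewrites the destination port before the filter chain sees the packet, the allow lists must name the target ports: TCP 8000 and TCP 5300 are not in `allowedTCPPorts`, so those redirects are probably dropped, while the 80 and UDP 53 entries no longer describe what is reachable on eth0. Redirecting public port 53 to a local DNS service makes the host an open resolver if that service recurses for any source, so restrict sources with `-s` or confirm it is authoritative-only. The rules are also IPv4-only and hard-code `eth0`.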
@@ -36,46 +36,4 @@ ]; }; - services.unbound = { - enable = true; - settings = { - server = { - verbosity = 0; - interface = [ "0.0.0.0" "127.0.0.1" ]; - port = 5335; - - access-control = [ - "127.0.0.0/8 allow" - "10.0.0.0/8 allow" - "172.16.0.0/12 allow" - "192.168.0.0/16 allow" - ]; - - do-ip4 = "yes"; - do-udp = "yes"; - do-tcp = "yes"; - do-ip6 = "no"; - prefer-ip6 = "no"; - - harden-glue = "yes"; - harden-dnssec-stripped = "yes"; - use-caps-for-id = "no"; - edns-buffer-size = 1232; - prefetch = "yes"; - num-threads = 1; - so-rcvbuf = "1m"; - - private-address = [ - "192.168.0.0/16" - "169.254.0.0/16" - "172.16.0.0/12" - "10.0.0.0/8" - "fd00::/8" - "fe80::/10" - "100.0.0.0/8" - ]; - }; - }; - }; - } From 5be703f8092eb7aeff9a98604c5975ef052dce45 Mon Sep 17 00:00:00 2001 From: DarkGuibrine Date: Wed, 13 May 2026 22:59:59 -0300 Subject: [PATCH 4/5] . --- hosts/darkgui-vps/config/pkgs.nix | 3 +++ hosts/darkgui-vps/configuration.nix | 1 + 2 files changed, 4 insertions(+) diff --git a/hosts/darkgui-vps/config/pkgs.nix b/hosts/darkgui-vps/config/pkgs.nix index e2d7809..bac6945 100644 --- a/hosts/darkgui-vps/config/pkgs.nix +++ b/hosts/darkgui-vps/config/pkgs.nix @@ -18,6 +18,9 @@ unrar zerotierone ookla-speedtest + just + cargo + gcc ## Git gitFull diff --git a/hosts/darkgui-vps/configuration.nix b/hosts/darkgui-vps/configuration.nix index c642f59..80b16a6 100644 --- a/hosts/darkgui-vps/configuration.nix +++ b/hosts/darkgui-vps/configuration.nix @@ -32,6 +32,7 @@ in networking.hostName = vars.hostname; networking.networkmanager.enable = true; + networking.enableIPv6 = true; time.timeZone = vars.timezone; i18n.defaultLocale = vars.locale; From cbd838fe21fd602858a3413377f2af8fd877ee51 Mon Sep 17 00:00:00 2001 
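Review bot: `networking.enableIPv6 = true;` in configuration.nix (patch 4/5) restates what I believe is already the NixOS default, so the line needs a comment saying why it is pinned, for example `# IPv6 is relied on by the self-host stack; keep v4 and v6 firewall rules in sync`. The `allowedTCPPorts` and `allowedUDPPorts` lists in firewall.nix apply to IPv6 as well, while the `iptables` REDIRECT rules there are IPv4-only, so the two address families do not expose the same services. It is worth checking from an external IPv6 address which of those ports actually answer.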
From: DarkGuibrine Date: Fri, 15 May 2026 16:18:31 -0300 Subject: [PATCH 5/5] . --- hosts/Alfa/conf/GM/Pkgs/pkgs.nix | 1 + hosts/darkgui-vps/config/imp.nix | 2 +- hosts/darkgui-vps/config/pkgs.nix | 1 + hosts/darkgui-vps/config/self-host/self-host.nix | 7 +++++++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/hosts/Alfa/conf/GM/Pkgs/pkgs.nix b/hosts/Alfa/conf/GM/Pkgs/pkgs.nix index 0715a55..3a8e9c1 100644 --- a/hosts/Alfa/conf/GM/Pkgs/pkgs.nix +++ b/hosts/Alfa/conf/GM/Pkgs/pkgs.nix @@ -22,6 +22,7 @@ ## Segurança / rede bitwarden-desktop tailscale + netbird zerotierone cloudflared sunshine diff --git a/hosts/darkgui-vps/config/imp.nix b/hosts/darkgui-vps/config/imp.nix index 3847202..77ba4e0 100644 --- a/hosts/darkgui-vps/config/imp.nix +++ b/hosts/darkgui-vps/config/imp.nix @@ -12,5 +12,5 @@ ./nix-helper.nix ./self-host/self-host.nix ./self-host/firewall.nix - ]; + ]; } diff --git a/hosts/darkgui-vps/config/pkgs.nix b/hosts/darkgui-vps/config/pkgs.nix index bac6945..f7358c7 100644 --- a/hosts/darkgui-vps/config/pkgs.nix +++ b/hosts/darkgui-vps/config/pkgs.nix @@ -21,6 +21,7 @@ just cargo gcc + netbird ## Git gitFull diff --git a/hosts/darkgui-vps/config/self-host/self-host.nix b/hosts/darkgui-vps/config/self-host/self-host.nix index 7214c9e..46a3e09 100644 --- a/hosts/darkgui-vps/config/self-host/self-host.nix +++ b/hosts/darkgui-vps/config/self-host/self-host.nix @@ -20,11 +20,18 @@ boot.kernel.sysctl = { "net.ipv4.ip_unprivileged_port_start" = 53; "net.ipv6.conf.all.forwarding" = true; + "net.ipv6.conf.default.forwarding" = true; }; users.groups.docker.gid = 131; virtualisation.docker = { enable = true; + daemon.settings = { + ipv6 = true; + fixed-cidr-v6 = "fd00:db8:1::/64"; + ip6tables = true; + experimental = true; + }; }; services.tailscale = {
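Review bot: Setting `net.ipv6.conf.default.forwarding` next to the existing `all.forwarding` in self-host.nix (patch 5/5) makes the VPS an IPv6 router on every interface, and nothing in this series adds a forward-chain policy. To my knowledge the iptables-based NixOS firewall does not filter forwarded traffic, which would leave Docker's `ip6tables = true` rules as the only guard on that path; the file should say so in a comment or add explicit FORWARD rules. With forwarding on, Linux ignores router advertisements unless `accept_ra` is 2, which can cost the host its own IPv6 default route if the provider uses SLAAC. `experimental = true` switches on all experimental daemon features just to get `ip6tables`; recent Docker releases should not need it for that, so check the installed version and drop the flag if possible. A comment above `fixed-cidr-v6` noting that ports published by containers are not governed by `allowedTCPPorts` would also help.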