From 45309918273d58b91d3c26681491cc53b248dbbd Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Sat, 25 Sep 2021 12:32:27 +0000 Subject: [PATCH] bvm-radius: RADIUS fw/pkg setup --- ops/nixos/bvm-radius/default.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/ops/nixos/bvm-radius/default.nix b/ops/nixos/bvm-radius/default.nix index 2615a9a4c8..468fb35f05 100644 --- a/ops/nixos/bvm-radius/default.nix +++ b/ops/nixos/bvm-radius/default.nix @@ -24,8 +24,25 @@ in { }; defaultGateway = { address = "92.118.28.1"; interface = "enp2s0"; }; defaultGateway6 = { address = "2a09:a441::1"; interface = "enp2s0"; }; + + firewall = { + extraCommands = '' + # Allow JANET inbound RADIUS traffic. + ip46tables -A nixos-fw -p udp --dport 1812 --src roaming0.ja.net -j nixos-fw-accept + ip46tables -A nixos-fw -p udp --dport 1812 --src roaming1.ja.net -j nixos-fw-accept + ip46tables -A nixos-fw -p udp --dport 1812 --src roaming2.ja.net -j nixos-fw-accept + + # Allow inbound RADIUS from authenticators. + ip6tables -A nixos-fw -p udp --dport 1812 --src 2a09:a443::/64 -j nixos-fw-accept + iptables -A nixos-fw -p udp --dport 1812 --src 92.118.30.0/24 -j nixos-fw-accept + ''; + }; }; my.ip.tailscale = "100.120.98.116"; + environment.systemPackages = with pkgs; [ + freeradius + ]; + system.stateVersion = "21.05"; }
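Review bot: The three `ip46tables ... --src roamingN.ja.net` rules in `firewall.extraCommands` pass a hostname to iptables, which resolves it once when the rule is inserted, so the allow-list depends on whatever DNS returns at firewall start. A failed lookup at boot means the rule does not load, a later address change leaves it stale, and a forged answer would admit the wrong source. Because `ip46tables` hands the same arguments to both iptables and ip6tables, a name missing an A or AAAA record would presumably also fail for that family. I would pin the published addresses as literals per family, e.g. `iptables -A nixos-fw -p udp --dport 1812 --src <roaming0 IPv4 address> -j nixos-fw-accept` with a matching `ip6tables` line, and name the source of the address list in the comment. UDP source filtering is only a coarse filter, so the per-client shared secrets in the FreeRADIUS configuration (not part of this change) remain the real access control.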