72084f1a7e
Now that we have networking working, I can enable the firewall and confirm nothing breaks.
36 lines
780 B
Nix
36 lines
780 B
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
|
|
{
|
|
imports = [ ];
|
|
|
|
options.me = {
|
|
debugging.enable = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = true;
|
|
example = true;
|
|
description = "Whether we want to install debugging.";
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf config.me.debugging.enable {
|
|
environment.systemPackages = with pkgs; [
|
|
net-tools # for netstat
|
|
tcpdump
|
|
e2fsprogs # mkfs.ext4
|
|
gptfdisk # cgdisk
|
|
arp-scan # To find devices on the network
|
|
ldns # for drill
|
|
];
|
|
|
|
# This can make debugging easier by rejecting packets instead of dropping them:
|
|
networking.firewall.rejectPackets = true;
|
|
# Log each rejected packet instead of just each connection.
|
|
networking.firewall.logRefusedPackets = true;
|
|
};
|
|
}
|