modules/hyprspace: run on multiple ports for firewall resilience

This commit is contained in:
Max Headroom 2023-10-27 21:49:00 +02:00
parent 7a6720092d
commit bcaecf492a


@ -20,7 +20,9 @@ let
in [ in [
"/ip4/${addr}/tcp/${port}" "/ip4/${addr}/tcp/${port}"
"/ip4/${addr}/udp/${port}/quic-v1" "/ip4/${addr}/udp/${port}/quic-v1"
]; ]
++ (map (port: "/ip4/${addr}/tcp/${toString port}") additionalTCPPorts)
++ (map (port: "/ip4/${addr}/udp/${toString port}/quic-v1") additionalQUICPorts);
privateKey = "@HYPRSPACEPRIVATEKEY@"; privateKey = "@HYPRSPACEPRIVATEKEY@";
peers = peerList; peers = peerList;
}); });
@ -28,6 +30,15 @@ let
privateKeyFile = config.age.secrets.hyprspace-key.path; privateKeyFile = config.age.secrets.hyprspace-key.path;
runConfig = "/run/hyprspace.json"; runConfig = "/run/hyprspace.json";
nameservers = lib.unique config.networking.nameservers; nameservers = lib.unique config.networking.nameservers;
additionalTCPPorts = [
21
];
additionalQUICPorts = [
21
443
500
];
in { in {
links.hyprspaceMetrics.protocol = "http"; links.hyprspaceMetrics.protocol = "http";
@ -77,8 +88,8 @@ in {
}; };
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ listenPort ]; allowedTCPPorts = [ listenPort ] ++ additionalTCPPorts;
allowedUDPPorts = [ listenPort ]; allowedUDPPorts = [ listenPort ] ++ additionalQUICPorts;
trustedInterfaces = [ "hyprspace" ]; trustedInterfaces = [ "hyprspace" ];
}; };
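Review bot: The `additionalTCPPorts`/`additionalQUICPorts` lists added in the second hunk carry no comment on why 21, 443 and 500 were chosen, and every one of them is a privileged port, so the bind only succeeds if the hyprspace unit runs as root or with CAP_NET_BIND_SERVICE — the unit definition is outside this diff, so I cannot confirm that here. UDP 500 is also the IKE port and UDP 443 the usual HTTP/3 port, so a later IPsec or QUIC web service on the same host would collide with this listener, and the third hunk opens these ports on every non-trusted interface, which is presumably the intent but worth stating. I would add above `additionalTCPPorts = [` a comment such as `# Extra listen ports chosen to look like common services so peers behind restrictive firewalls can still reach us; all are <1024 (unit needs CAP_NET_BIND_SERVICE) and UDP 443/500 clash with HTTP/3 or IKE if those are ever enabled on this host.` The enclosing `let` block starts before and continues past each of the three hunks.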