motiejus/config
1
Fork 0
Code Packages Releases Activity

prometheus: beginnings

Browse Source
This commit is contained in:
Motiejus Jakštys
2023-08-05 18:28:59 +03:00
parent f4e04faef3
commit 665e79a984
3 changed files with 48 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/services/friendlyport/default.nix
View File

@@ -16,7 +16,9 @@
hosts = lib.attrVals ["mxp10.motiejus.jakst" "fwmine.motiejus.jakst"] myData.hosts;
ips = lib.catAttrs "jakstIP" hosts;
startLines = map (ip: "iptables -A INPUT -p tcp --match multiport --dports ${ports} --source ${ip} -j ACCEPT") ips;
stopLines = map (ip: "iptables -D INPUT -p tcp --match multiport --dports ${ports} --source ${ip} -j ACCEPT") ips;
# TODO: when stopping the firewall, systemd uses the old ports. So this is a two-phase process.
# How to stop the old one and start the new one?
stopLines = map (ip: "iptables -D INPUT -p tcp --match multiport --dports ${ports} --source ${ip} -j ACCEPT || :") ips;
in {
networking.firewall.extraCommands = lib.concatLines startLines;
networking.firewall.extraStopCommands = lib.concatLines stopLines;