rm friendlyport

2025-05-24 15:50:52 +00:00
parent 90013a224d
commit 7252ba1582
13 changed files with 0 additions and 162 deletions
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -5,7 +5,6 @@
    ./btrfsborg
    ./btrfssnapshot
    ./deployerbot
-    ./friendlyport
    ./frigate
    ./gitea
    ./grafana
--- a/modules/services/friendlyport/default.nix
+++ b/modules/services/friendlyport/default.nix
@@ -1,59 +0,0 @@
-{ config, lib, ... }:
-{
-  options.mj.services.friendlyport = with lib.types; {
-    ports = lib.mkOption {
-      type = listOf (submodule {
-        options = {
-          subnets = lib.mkOption { type = listOf str; };
-          tcp = lib.mkOption {
-            type = listOf int;
-            default = [ ];
-          };
-          udp = lib.mkOption {
-            type = listOf int;
-            default = [ ];
-          };
-        };
-      });
-    };
-  };
-
-  config =
-    let
-      inherit (config.mj.services.friendlyport) ports;
-
-      mkAdd =
-        proto: subnets: ints:
-        let
-          subnetsS = builtins.concatStringsSep "," subnets;
-          intsS = builtins.concatStringsSep "," (map builtins.toString ints);
-        in
-        if builtins.length ints == 0 then
-          ""
-        else
-          "iptables -A INPUT -p ${proto} --match multiport --dports ${intsS} --source ${subnetsS} -j ACCEPT";
-
-      startTCP = map (attr: mkAdd "tcp" attr.subnets attr.tcp) ports;
-      startUDP = map (attr: mkAdd "udp" attr.subnets attr.udp) ports;
-
-      # TODO: when stopping the firewall, systemd uses the old ports. So this is a two-phase process.
-      # How to stop the old one and start the new one?
-      mkDel =
-        proto: subnets: ints:
-        let
-          subnetsS = builtins.concatStringsSep "," subnets;
-          intsS = builtins.concatStringsSep "," (map builtins.toString ints);
-        in
-        if builtins.length ints == 0 then
-          ""
-        else
-          "iptables -D INPUT -p ${proto} --match multiport --dports ${intsS} --source ${subnetsS} -j ACCEPT || :";
-
-      stopTCP = map (attr: mkDel "tcp" attr.subnets attr.tcp) ports;
-      stopUDP = map (attr: mkDel "udp" attr.subnets attr.udp) ports;
-    in
-    {
-      networking.firewall.extraCommands = lib.concatLines (startTCP ++ startUDP);
-      networking.firewall.extraStopCommands = lib.concatLines (stopTCP ++ stopUDP);
-    };
-}
--- a/modules/services/grafana/default.nix
+++ b/modules/services/grafana/default.nix
@@ -1,7 +1,6 @@
 {
  config,
  lib,
-  myData,
  ...
 }:
 let
@@ -50,13 +49,6 @@ in
      };
    };

-    mj.services.friendlyport.ports = [
-      {
-        subnets = [ myData.subnets.tailscale.cidr ];
-        tcp = [ cfg.port ];
-      }
-    ];
-
  };

 }
--- a/modules/services/hass/default.nix
+++ b/modules/services/hass/default.nix
@@ -14,13 +14,6 @@ in
  };

  config = lib.mkIf cfg.enable {
-    mj.services.friendlyport.ports = [
-      {
-        subnets = [ myData.subnets.tailscale.cidr ];
-        tcp = [ myData.ports.hass ];
-      }
-    ];
-
    environment.systemPackages = [ ];

    services = {
--- a/modules/services/jakstpub/default.nix
+++ b/modules/services/jakstpub/default.nix
@@ -117,21 +117,5 @@ in
      ];
    };

-    mj.services.friendlyport.ports = [
-      {
-        subnets = with myData.subnets; [
-          tailscale.cidr
-          vno1.cidr
-          vno3.cidr
-        ];
-        tcp = [
-          #80 # caddy above
-          139 # smbd
-          445 # smbd
-          5357 # wsdd
-        ];
-        udp = [ 3702 ]; # wsdd
-      }
-    ];
  };
 }
--- a/modules/services/node_exporter/default.nix
+++ b/modules/services/node_exporter/default.nix
@@ -38,11 +38,5 @@ in
      gid = myData.uidgid.node_exporter;
    };

-    mj.services.friendlyport.ports = [
-      {
-        subnets = [ myData.subnets.tailscale.cidr ] ++ cfg.extraSubnets;
-        tcp = [ myData.ports.exporters.node ];
-      }
-    ];
  };
 }
--- a/modules/services/ping_exporter/default.nix
+++ b/modules/services/ping_exporter/default.nix
@@ -1,7 +1,6 @@
 {
  config,
  lib,
-  myData,
  ...
 }:
 let
@@ -43,11 +42,5 @@ in
      };
    };

-    mj.services.friendlyport.ports = [
-      {
-        subnets = [ myData.subnets.tailscale.cidr ];
-        tcp = [ config.services.prometheus.exporters.ping.port ];
-      }
-    ];
  };
 }
--- a/modules/services/ssh8022/default.nix
+++ b/modules/services/ssh8022/default.nix
@@ -43,13 +43,6 @@
      in
      lib.mkIf cfg.enable {

-        mj.services.friendlyport.ports = lib.mkIf (!cfg.openGlobalFirewall) [
-          {
-            subnets = [ myData.subnets.tailscale.cidr ];
-            tcp = [ 22 ];
-          }
-        ];
-
        services = {
          openssh.openFirewall = cfg.openGlobalFirewall;

--- a/modules/services/syncthing/default.nix
+++ b/modules/services/syncthing/default.nix
@@ -194,13 +194,6 @@ in
  };

  config = lib.mkIf cfg.enable {
-    mj.services.friendlyport.ports = [
-      {
-        subnets = myData.subnets.motiejus.cidrs;
-        tcp = [ 8384 ];
-      }
-    ];
-
    services.syncthing = {
      inherit (cfg)
        enable
--- a/modules/services/vaultwarden/default.nix
+++ b/modules/services/vaultwarden/default.nix
@@ -1,7 +1,6 @@
 {
  config,
  lib,
-  myData,
  ...
 }:
 let
@@ -45,13 +44,6 @@ in
      };
    };

-    mj.services.friendlyport.ports = [
-      {
-        subnets = [ myData.subnets.tailscale.cidr ];
-        tcp = [ cfg.port ];
-      }
-    ];
-
  };

 }