motiejus/config
1
Fork 0
Code Packages Releases Activity

rm friendlyport

Browse Source
This commit is contained in:
Motiejus Jakštys
2025-05-24 15:50:52 +00:00
parent 90013a224d
commit 7252ba1582
13 changed files with 0 additions and 162 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
hosts/fwminex/configuration.nix
View File

@@ -746,21 +746,6 @@ in
saslPasswdPath = config.age.secrets.sasl-passwd.path; saslPasswdPath = config.age.secrets.sasl-passwd.path;
}; };
friendlyport.ports = [
{
subnets = [ myData.subnets.tailscale.cidr ];
udp = [ 443 ];
tcp = with myData.ports; [
80
443
soju
frigate
soju-ws
prometheus
];
}
];
}; };
}; };

12
hosts/vno3-nk/configuration.nix
View File

@@ -205,18 +205,6 @@ in
saslPasswdPath = config.age.secrets.sasl-passwd.path; saslPasswdPath = config.age.secrets.sasl-passwd.path;
}; };
#friendlyport.ports = [
# {
# subnets = [ myData.subnets.tailscale.cidr ];
# udp = [ 443 ];
# tcp = with myData.ports; [
# 80
# 443
# prometheus
# ];
# }
#];
deployerbot = { deployerbot = {
follower = { follower = {
enable = true; enable = true;

9
modules/base/default.nix
View File

@@ -2,7 +2,6 @@
config, config,
lib, lib,
pkgs, pkgs,
myData,
... ...
}: }:
let let
@@ -55,14 +54,6 @@ in
time.timeZone = cfg.timeZone; time.timeZone = cfg.timeZone;
mj.services.friendlyport.ports = [
{
subnets = [ myData.subnets.tailscale.cidr ];
tcp = [ config.services.iperf3.port ];
udp = [ config.services.iperf3.port ];
}
];
i18n = { i18n = {
defaultLocale = "en_US.UTF-8"; defaultLocale = "en_US.UTF-8";
supportedLocales = [ "all" ]; supportedLocales = [ "all" ];

1
modules/services/default.nix
View File

@@ -5,7 +5,6 @@
./btrfsborg ./btrfsborg
./btrfssnapshot ./btrfssnapshot
./deployerbot ./deployerbot
./friendlyport
./frigate ./frigate
./gitea ./gitea
./grafana ./grafana

59
modules/services/friendlyport/default.nix
View File

@@ -1,59 +0,0 @@
{ config, lib, ... }:
{
options.mj.services.friendlyport = with lib.types; {
ports = lib.mkOption {
type = listOf (submodule {
options = {
subnets = lib.mkOption { type = listOf str; };
tcp = lib.mkOption {
type = listOf int;
default = [ ];
};
udp = lib.mkOption {
type = listOf int;
default = [ ];
};
};
});
};
};
config =
let
inherit (config.mj.services.friendlyport) ports;
mkAdd =
proto: subnets: ints:
let
subnetsS = builtins.concatStringsSep "," subnets;
intsS = builtins.concatStringsSep "," (map builtins.toString ints);
in
if builtins.length ints == 0 then
""
else
"iptables -A INPUT -p ${proto} --match multiport --dports ${intsS} --source ${subnetsS} -j ACCEPT";
startTCP = map (attr: mkAdd "tcp" attr.subnets attr.tcp) ports;
startUDP = map (attr: mkAdd "udp" attr.subnets attr.udp) ports;
# TODO: when stopping the firewall, systemd uses the old ports. So this is a two-phase process.
# How to stop the old one and start the new one?
mkDel =
proto: subnets: ints:
let
subnetsS = builtins.concatStringsSep "," subnets;
intsS = builtins.concatStringsSep "," (map builtins.toString ints);
in
if builtins.length ints == 0 then
""
else
"iptables -D INPUT -p ${proto} --match multiport --dports ${intsS} --source ${subnetsS} -j ACCEPT || :";
stopTCP = map (attr: mkDel "tcp" attr.subnets attr.tcp) ports;
stopUDP = map (attr: mkDel "udp" attr.subnets attr.udp) ports;
in
{
networking.firewall.extraCommands = lib.concatLines (startTCP ++ startUDP);
networking.firewall.extraStopCommands = lib.concatLines (stopTCP ++ stopUDP);
};
}

8
modules/services/grafana/default.nix
View File

@@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
myData,
... ...
}: }:
let let
@@ -50,13 +49,6 @@ in
}; };
}; };
mj.services.friendlyport.ports = [
{
subnets = [ myData.subnets.tailscale.cidr ];
tcp = [ cfg.port ];
}
];
}; };
} }

7
modules/services/hass/default.nix
View File

@@ -14,13 +14,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
mj.services.friendlyport.ports = [
{
subnets = [ myData.subnets.tailscale.cidr ];
tcp = [ myData.ports.hass ];
}
];
environment.systemPackages = [ ]; environment.systemPackages = [ ];
services = { services = {

16
modules/services/jakstpub/default.nix
View File

@@ -117,21 +117,5 @@ in
]; ];
}; };
mj.services.friendlyport.ports = [
{
subnets = with myData.subnets; [
tailscale.cidr
vno1.cidr
vno3.cidr
];
tcp = [
#80 # caddy above
139 # smbd
445 # smbd
5357 # wsdd
];
udp = [ 3702 ]; # wsdd
}
];
}; };
} }

6
modules/services/node_exporter/default.nix
View File

@@ -38,11 +38,5 @@ in
gid = myData.uidgid.node_exporter; gid = myData.uidgid.node_exporter;
}; };
mj.services.friendlyport.ports = [
{
subnets = [ myData.subnets.tailscale.cidr ] ++ cfg.extraSubnets;
tcp = [ myData.ports.exporters.node ];
}
];
}; };
} }

7
modules/services/ping_exporter/default.nix
View File

@@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
myData,
... ...
}: }:
let let
@@ -43,11 +42,5 @@ in
}; };
}; };
mj.services.friendlyport.ports = [
{
subnets = [ myData.subnets.tailscale.cidr ];
tcp = [ config.services.prometheus.exporters.ping.port ];
}
];
}; };
} }

7
modules/services/ssh8022/default.nix
View File

@@ -43,13 +43,6 @@
in in
lib.mkIf cfg.enable { lib.mkIf cfg.enable {
mj.services.friendlyport.ports = lib.mkIf (!cfg.openGlobalFirewall) [
{
subnets = [ myData.subnets.tailscale.cidr ];
tcp = [ 22 ];
}
];
services = { services = {
openssh.openFirewall = cfg.openGlobalFirewall; openssh.openFirewall = cfg.openGlobalFirewall;

7
modules/services/syncthing/default.nix
View File

@@ -194,13 +194,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
mj.services.friendlyport.ports = [
{
subnets = myData.subnets.motiejus.cidrs;
tcp = [ 8384 ];
}
];
services.syncthing = { services.syncthing = {
inherit (cfg) inherit (cfg)
enable enable

8
modules/services/vaultwarden/default.nix
View File

@@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
myData,
... ...
}: }:
let let
@@ -45,13 +44,6 @@ in
}; };
}; };
mj.services.friendlyport.ports = [
{
subnets = [ myData.subnets.tailscale.cidr ];
tcp = [ cfg.port ];
}
];
}; };
} }