servo: enable UPnP port forwarding timer
This commit is contained in:
parent
13794e9eaa
commit
35c9f2bf60
|
@ -4,6 +4,7 @@
|
||||||
networking.domain = "uninsane.org";
|
networking.domain = "uninsane.org";
|
||||||
|
|
||||||
sane.services.wan-ports.openFirewall = true;
|
sane.services.wan-ports.openFirewall = true;
|
||||||
|
sane.services.wan-ports.openUpnp = true;
|
||||||
|
|
||||||
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||||
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.sane.services.wan-ports;
|
cfg = config.sane.services.wan-ports;
|
||||||
in
|
in
|
||||||
|
@ -9,14 +9,32 @@ in
|
||||||
default = false;
|
default = false;
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
};
|
};
|
||||||
|
openUpnp = mkOption {
|
||||||
# TODO: openUpnp option
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
};
|
||||||
|
upnpRenewInterval = mkOption {
|
||||||
|
default = "1hr";
|
||||||
|
type = types.str;
|
||||||
|
description = "how frequently to renew UPnP leases";
|
||||||
|
};
|
||||||
|
upnpLeaseDuration = mkOption {
|
||||||
|
default = 86400;
|
||||||
|
type = types.int;
|
||||||
|
description = "how long to lease UPnP ports for";
|
||||||
|
};
|
||||||
|
|
||||||
# TODO: rework this to look like:
|
# TODO: rework this to look like:
|
||||||
# ports.53 = {
|
# ports.53 = {
|
||||||
# protocol = [ "udp" "tcp" ]; # have this be default
|
# protocol = [ "udp" "tcp" ]; # have this be default
|
||||||
# visibility = "wan"; # or "lan"
|
# visibility = "wan"; # or "lan"
|
||||||
# }
|
# }
|
||||||
|
# or maybe:
|
||||||
|
# tcp.ports.53 = {
|
||||||
|
# visibility = "wan"; # or "lan"
|
||||||
|
# };
|
||||||
|
# and a special convertibleTo to handle port ranges
|
||||||
|
# plus aggregation to convert individual ports back to ranges before doing certain operations (like UPnP?)
|
||||||
tcp = mkOption {
|
tcp = mkOption {
|
||||||
type = types.listOf types.int;
|
type = types.listOf types.int;
|
||||||
default = [];
|
default = [];
|
||||||
|
@ -28,8 +46,36 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.openFirewall {
|
config = lib.mkMerge [
|
||||||
networking.firewall.allowedTCPPorts = cfg.tcp;
|
(lib.mkIf cfg.openFirewall {
|
||||||
networking.firewall.allowedUDPPorts = cfg.udp;
|
networking.firewall.allowedTCPPorts = cfg.tcp;
|
||||||
};
|
networking.firewall.allowedUDPPorts = cfg.udp;
|
||||||
|
})
|
||||||
|
(lib.mkIf cfg.openUpnp {
|
||||||
|
systemd.services.upnp-forwards = {
|
||||||
|
description = "forward ports from upstream gateway to this host";
|
||||||
|
serviceConfig.Type = "oneshot";
|
||||||
|
restartTriggers = [(builtins.toJSON cfg)];
|
||||||
|
|
||||||
|
after = [ "network.target" ];
|
||||||
|
script =
|
||||||
|
let
|
||||||
|
forwards =
|
||||||
|
(builtins.map (p: "tcp:${builtins.toString p}") cfg.tcp) ++
|
||||||
|
(builtins.map (p: "udp:${builtins.toString p}") cfg.udp);
|
||||||
|
in ''
|
||||||
|
${pkgs.sane-scripts}/bin/sane-ip-port-forward -v -d ${builtins.toString cfg.upnpLeaseDuration} \
|
||||||
|
${builtins.concatStringsSep " " forwards}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.timers.upnp-forwards = {
|
||||||
|
wantedBy = [ "network.target" ];
|
||||||
|
timerConfig = {
|
||||||
|
OnStartupSec = "1min";
|
||||||
|
OnUnitActiveSec = cfg.upnpRenewInterval;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
})
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
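Review bot: The timer is installed with `wantedBy = [ "network.target" ];`, whereas NixOS timers are conventionally pulled in by `timers.target`; `wantedBy = [ "timers.target" ];` is the idiomatic form and does not depend on a passive target to activate it. `upnpLeaseDuration` is passed to `sane-ip-port-forward -d` as a bare integer while `upnpRenewInterval` is a systemd time-span string, and neither description in the earlier hunk states a unit or that the renewal interval must stay shorter than the lease, so a line such as `description = "how long to lease UPnP ports for (in the unit sane-ip-port-forward -d expects, presumably seconds); keep this longer than upnpRenewInterval";` would make the relationship explicit. The oneshot runs with the default service privileges and acts on whatever answers the UPnP discovery on the LAN; if the script does not need root, `serviceConfig.DynamicUser = true;` would narrow what a malformed gateway reply could affect, though whether the script needs elevated capabilities is not visible from this hunk.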