servo: expose all wan services also to the doof tunnel
This commit is contained in:
parent
39a39e763d
commit
3ada668366
|
@ -51,52 +51,61 @@ lib.mkIf false
|
||||||
{
|
{
|
||||||
"3478" = {
|
"3478" = {
|
||||||
protocol = [ "tcp" "udp" ];
|
protocol = [ "tcp" "udp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-xmpp-stun-turn";
|
description = "colin-xmpp-stun-turn";
|
||||||
};
|
};
|
||||||
"5222" = {
|
"5222" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-xmpp-client-to-server";
|
description = "colin-xmpp-client-to-server";
|
||||||
};
|
};
|
||||||
"5223" = {
|
"5223" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-xmpps-client-to-server"; # XMPP over TLS
|
description = "colin-xmpps-client-to-server"; # XMPP over TLS
|
||||||
};
|
};
|
||||||
"5269" = {
|
"5269" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-xmpp-server-to-server";
|
description = "colin-xmpp-server-to-server";
|
||||||
};
|
};
|
||||||
"5270" = {
|
"5270" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-xmpps-server-to-server"; # XMPP over TLS
|
description = "colin-xmpps-server-to-server"; # XMPP over TLS
|
||||||
};
|
};
|
||||||
"5280" = {
|
"5280" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-xmpp-bosh";
|
description = "colin-xmpp-bosh";
|
||||||
};
|
};
|
||||||
"5281" = {
|
"5281" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-xmpp-bosh-https";
|
description = "colin-xmpp-bosh-https";
|
||||||
};
|
};
|
||||||
"5349" = {
|
"5349" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-xmpp-stun-turn-over-tls";
|
description = "colin-xmpp-stun-turn-over-tls";
|
||||||
};
|
};
|
||||||
"5443" = {
|
"5443" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-xmpp-web-services"; # file uploads, websockets, admin
|
description = "colin-xmpp-web-services"; # file uploads, websockets, admin
|
||||||
|
@ -109,6 +118,7 @@ lib.mkIf false
|
||||||
numPorts = turnPortHigh - turnPortLow + 1;
|
numPorts = turnPortHigh - turnPortLow + 1;
|
||||||
in {
|
in {
|
||||||
protocol = [ "tcp" "udp" ];
|
protocol = [ "tcp" "udp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-xmpp-turn-${builtins.toString count}-of-${builtins.toString numPorts}";
|
description = "colin-xmpp-turn-${builtins.toString count}-of-${builtins.toString numPorts}";
|
||||||
|
|
|
@ -8,12 +8,14 @@
|
||||||
{
|
{
|
||||||
sane.ports.ports."143" = {
|
sane.ports.ports."143" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-imap-imap.uninsane.org";
|
description = "colin-imap-imap.uninsane.org";
|
||||||
};
|
};
|
||||||
sane.ports.ports."993" = {
|
sane.ports.ports."993" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-imaps-imap.uninsane.org";
|
description = "colin-imaps-imap.uninsane.org";
|
||||||
|
|
|
@ -32,6 +32,7 @@ in
|
||||||
};
|
};
|
||||||
"990" = {
|
"990" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-FTPS server";
|
description = "colin-FTPS server";
|
||||||
|
@ -41,6 +42,7 @@ in
|
||||||
name = builtins.toString port;
|
name = builtins.toString port;
|
||||||
value = {
|
value = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-FTP server data port range";
|
description = "colin-FTP server data port range";
|
||||||
|
|
|
@ -134,6 +134,7 @@
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
|
visibleTo.doof = true;
|
||||||
description = "colin-git@git.uninsane.org";
|
description = "colin-git@git.uninsane.org";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -62,6 +62,7 @@ in
|
||||||
sane.ports.ports = lib.mkMerge (lib.forEach portRange (port: {
|
sane.ports.ports = lib.mkMerge (lib.forEach portRange (port: {
|
||||||
"${builtins.toString port}" = {
|
"${builtins.toString port}" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-notification-waiter-${builtins.toString (port - portLow + 1)}-of-${builtins.toString numPorts}";
|
description = "colin-notification-waiter-${builtins.toString (port - portLow + 1)}-of-${builtins.toString numPorts}";
|
||||||
|
|
|
@ -61,40 +61,47 @@ in
|
||||||
];
|
];
|
||||||
sane.ports.ports."5000" = {
|
sane.ports.ports."5000" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-xmpp-prosody-fileshare-proxy65";
|
description = "colin-xmpp-prosody-fileshare-proxy65";
|
||||||
};
|
};
|
||||||
sane.ports.ports."5222" = {
|
sane.ports.ports."5222" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-xmpp-client-to-server";
|
description = "colin-xmpp-client-to-server";
|
||||||
};
|
};
|
||||||
sane.ports.ports."5223" = {
|
sane.ports.ports."5223" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-xmpps-client-to-server"; # XMPP over TLS
|
description = "colin-xmpps-client-to-server"; # XMPP over TLS
|
||||||
};
|
};
|
||||||
sane.ports.ports."5269" = {
|
sane.ports.ports."5269" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-xmpp-server-to-server";
|
description = "colin-xmpp-server-to-server";
|
||||||
};
|
};
|
||||||
sane.ports.ports."5270" = {
|
sane.ports.ports."5270" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-xmpps-server-to-server"; # XMPP over TLS
|
description = "colin-xmpps-server-to-server"; # XMPP over TLS
|
||||||
};
|
};
|
||||||
sane.ports.ports."5280" = {
|
sane.ports.ports."5280" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-xmpp-bosh";
|
description = "colin-xmpp-bosh";
|
||||||
};
|
};
|
||||||
sane.ports.ports."5281" = {
|
sane.ports.ports."5281" = {
|
||||||
protocol = [ "tcp" ];
|
protocol = [ "tcp" ];
|
||||||
|
visibleTo.doof = true;
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = true;
|
visibleTo.wan = true;
|
||||||
description = "colin-xmpp-prosody-https"; # necessary?
|
description = "colin-xmpp-prosody-https"; # necessary?
|
||||||
|
|
|
@ -103,6 +103,7 @@ in
|
||||||
hn = {
|
hn = {
|
||||||
substitutions = mkSubstitutions "hn";
|
substitutions = mkSubstitutions "hn";
|
||||||
listenAddrsIpv4 = [ nativeAddrs."servo.hn" ];
|
listenAddrsIpv4 = [ nativeAddrs."servo.hn" ];
|
||||||
|
# TODO: no reason this can't live on port 53
|
||||||
port = 1053;
|
port = 1053;
|
||||||
};
|
};
|
||||||
lan = {
|
lan = {
|
||||||
|
|
|
@ -80,6 +80,7 @@ in
|
||||||
protocol = [ "udp" ];
|
protocol = [ "udp" ];
|
||||||
visibleTo.lan = true;
|
visibleTo.lan = true;
|
||||||
visibleTo.wan = cfg.visibleToWan;
|
visibleTo.wan = cfg.visibleToWan;
|
||||||
|
visibleTo.doof = cfg.visibleToWan;
|
||||||
description = "colin-wireguard";
|
description = "colin-wireguard";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user