servo: only forward ports to OVPN which are actually marked for visiblity

Colin 2024-06-17 06:15:00 +00:00
parent 14d5d9eb5a
commit dd47a5083c


@ -6,6 +6,9 @@ let
visibleTo.ovpn = mkOption { visibleTo.ovpn = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = ''
whether to forward inbound traffic on the OVPN vpn port to the corresponding localhost port.
'';
}; };
}; };
}; };
@ -92,7 +95,11 @@ in
bridgeStatements = lib.foldlAttrs bridgeStatements = lib.foldlAttrs
(acc: port: portCfg: acc ++ (builtins.map (bridgePort port) portCfg.protocol)) (acc: port: portCfg: acc ++ (builtins.map (bridgePort port) portCfg.protocol))
[] []
config.sane.ports.ports; (lib.filterAttrs
(port: portCfg: portCfg.visibleTo.ovpn)
config.sane.ports.ports
)
;
in { in {
privateKeyFile = config.sops.secrets.wg_ovpns_privkey.path; privateKeyFile = config.sops.secrets.wg_ovpns_privkey.path;
# wg is active only in this namespace. # wg is active only in this namespace.
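Review bot: The new `description` on `visibleTo.ovpn` in the first hunk says what is forwarded but not what enabling it means for exposure. Setting the flag presumably makes the service reachable from the VPN side of the tunnel, so the text should say so and note that the `false` default keeps a port unforwarded. For example: `whether to forward inbound traffic arriving on this port over the OVPN tunnel to the same port on localhost; leave false for services that must not be reachable from the VPN side.` In the second hunk the `lib.filterAttrs` wrapper makes forwarding opt-in, so any port that was bridged before and is not yet marked will silently stop being forwarded; a comment above `bridgeStatements` such as `# only ports explicitly marked visibleTo.ovpn are bridged into the VPN namespace` would record that intent. Both `let` blocks begin and end outside the visible hunks, so how `bridgePort` treats each protocol cannot be checked from here.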