diff --git a/hosts/by-name/servo/services/ejabberd.nix b/hosts/by-name/servo/services/ejabberd.nix index 7c14f21c..c1aa79bc 100644 --- a/hosts/by-name/servo/services/ejabberd.nix +++ b/hosts/by-name/servo/services/ejabberd.nix @@ -38,11 +38,11 @@ ]; networking.firewall.allowedTCPPortRanges = [{ from = 49152; # TURN - to = 65535; + to = 49408; }]; networking.firewall.allowedUDPPortRanges = [{ from = 49152; # TURN - to = 65535; + to = 49408; }]; # provide access to certs diff --git a/hosts/by-name/servo/services/trust-dns.nix b/hosts/by-name/servo/services/trust-dns.nix index 17521ca8..d7211e65 100644 --- a/hosts/by-name/servo/services/trust-dns.nix +++ b/hosts/by-name/servo/services/trust-dns.nix @@ -6,7 +6,7 @@ sane.services.trust-dns.listenAddrsIPv4 = [ # specify each address explicitly, instead of using "*". # this ensures responses are sent from the address at which the request was received. - "192.168.0.5" + "192.168.15.28" # TODO: fetch IP via `config` "10.0.1.5" ]; sane.services.trust-dns.quiet = true; diff --git a/modules/services/dyn-dns.nix b/modules/services/dyn-dns.nix index 814b8113..6e801c9e 100644 --- a/modules/services/dyn-dns.nix +++ b/modules/services/dyn-dns.nix @@ -3,6 +3,11 @@ with lib; let cfg = config.sane.services.dyn-dns; + getIp = pkgs.writeShellScript "dyn-dns-query-wan" '' + # preferred method and fallback + ${pkgs.sane-scripts}/bin/sane-ip-check-router-wan || \ + ${pkgs.sane-scripts}/bin/sane-ip-check + ''; in { options = { @@ -19,7 +24,7 @@ in }; ipCmd = mkOption { - default = "${pkgs.sane-scripts}/bin/sane-ip-check-router-wan"; + default = "${getIp}"; type = types.path; description = "command to run to query the current WAN IP"; }; diff --git a/pkgs/sane-scripts/src/sane-ip-check b/pkgs/sane-scripts/src/sane-ip-check index cfac2622..708a69dd 100755 --- a/pkgs/sane-scripts/src/sane-ip-check +++ b/pkgs/sane-scripts/src/sane-ip-check @@ -1,3 +1,4 @@ #!/usr/bin/env bash -curl https://ipinfo.io/ip -echo +ip=$(curl --silent https://ipinfo.io/ip) +echo "$ip" | grep -P " *^\d+\.\d+\.\d+\.\d+ *$" +exit $? diff --git a/pkgs/sane-scripts/src/sane-ip-check-router-wan b/pkgs/sane-scripts/src/sane-ip-check-router-wan index 555fabd5..94b1e3b9 100755 --- a/pkgs/sane-scripts/src/sane-ip-check-router-wan +++ b/pkgs/sane-scripts/src/sane-ip-check-router-wan @@ -3,13 +3,16 @@ # requires creds passwd=$(sudo cat /run/secrets/router_passwd) cookie=$(mktemp) +curlflags="curl --silent --insecure --cookie-jar $cookie --connect-timeout 5" # authenticate -curl -s --insecure --cookie-jar $cookie \ +curl $curlflags \ --data "username=admin&password=$passwd" \ https://192.168.0.1 # query the WAN IP -curl -s --insecure --cookie $cookie \ +ip=$(curl $curlflags \ -H "X-Requested-With: XMLHttpRequest" \ "https://192.168.0.1/cgi/cgi_action?Action=GetConnectionStatus" \ - | jq -r .wan_status.ipaddr + | jq -r .wan_status.ipaddr) +echo "$ip" | grep -P " *^\d+\.\d+\.\d+\.\d+ *$" +exit $?