From 82d3e9686ddb5c549e726c434505fa43d71b4e2b Mon Sep 17 00:00:00 2001
From: Colin
Date: Tue, 21 Feb 2023 11:17:54 +0000
Subject: [PATCH 1/4] sane-ip-check: set exit code based on if we get IP or not
---
 pkgs/sane-scripts/src/sane-ip-check | 5 +++--
 pkgs/sane-scripts/src/sane-ip-check-router-wan | 9 ++++++---
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/pkgs/sane-scripts/src/sane-ip-check b/pkgs/sane-scripts/src/sane-ip-check
index cfac2622..708a69dd 100755
--- a/pkgs/sane-scripts/src/sane-ip-check
+++ b/pkgs/sane-scripts/src/sane-ip-check
@@ -1,3 +1,4 @@
 #!/usr/bin/env bash
-curl https://ipinfo.io/ip
-echo
+ip=$(curl --silent https://ipinfo.io/ip)
+echo "$ip" | grep -P " *^\d+\.\d+\.\d+\.\d+ *$"
+exit $?
diff --git a/pkgs/sane-scripts/src/sane-ip-check-router-wan b/pkgs/sane-scripts/src/sane-ip-check-router-wan
index 555fabd5..94b1e3b9 100755
--- a/pkgs/sane-scripts/src/sane-ip-check-router-wan
+++ b/pkgs/sane-scripts/src/sane-ip-check-router-wan
@@ -3,13 +3,16 @@
 # requires creds
 passwd=$(sudo cat /run/secrets/router_passwd)
 cookie=$(mktemp)
+curlflags="curl --silent --insecure --cookie-jar $cookie --connect-timeout 5"
 # authenticate
-curl -s --insecure --cookie-jar $cookie \
+curl $curlflags \
 --data "username=admin&password=$passwd" \
 https://192.168.0.1
 # query the WAN IP
-curl -s --insecure --cookie $cookie \
+ip=$(curl $curlflags \
 -H "X-Requested-With: XMLHttpRequest" \
 "https://192.168.0.1/cgi/cgi_action?Action=GetConnectionStatus" \
- | jq -r .wan_status.ipaddr
+ | jq -r .wan_status.ipaddr)
+echo "$ip" | grep -P " *^\d+\.\d+\.\d+\.\d+ *$"
+exit $?
From 499078e0f825254e14c98b0b0b9716503f7dd05e Mon Sep 17 00:00:00 2001
From: Colin
Date: Tue, 21 Feb 2023 11:18:27 +0000
Subject: [PATCH 2/4] trust-dns: update the address we listen on
---
 hosts/by-name/servo/services/trust-dns.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
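Review bot: In pkgs/sane-scripts/src/sane-ip-check the pattern `" *^\d+\.\d+\.\d+\.\d+ *$"` has its ` *` in front of the `^` anchor, where it can only match the empty string, so a leading space is not tolerated and the test checks shape only: `999.999.999.999` passes. Because the exit code now tells callers that the output is a usable address, a form that at least bounds each octet to three digits, `grep -P '^ *(\d{1,3}\.){3}\d{1,3} *$'`, would be safer; the same pattern is repeated at the end of sane-ip-check-router-wan. The curl call also has no `--fail` or `--max-time`, so a stalled connection to ipinfo.io can block the script with no upper bound. The trailing `exit $?` is redundant, since a script already exits with the status of its last command.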
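Review bot: In pkgs/sane-scripts/src/sane-ip-check-router-wan, `curlflags` begins with the word `curl`, so `curl $curlflags` expands to `curl curl --silent …` and the second `curl` is treated as an extra URL; options apply to every URL on the command line, so the `--data "username=admin&password=$passwd"` body would also be sent over plain HTTP to whatever host the name `curl` resolves to. Dropping the command name fixes that: `curlflags="--silent --insecure --cookie-jar $cookie --connect-timeout 5"`. The WAN query also lost `--cookie $cookie`: `--cookie-jar` only writes cookies after a transfer, so the session cookie from the login is no longer sent and the query will probably fail unless `--cookie "$cookie"` is added to that call. Separately, `--insecure` leaves the router's certificate unverified while the admin password is posted, and the `mktemp` cookie file is never removed; both predate this patch but deserve a follow-up.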
diff --git a/hosts/by-name/servo/services/trust-dns.nix b/hosts/by-name/servo/services/trust-dns.nix
index 17521ca8..d7211e65 100644
--- a/hosts/by-name/servo/services/trust-dns.nix
+++ b/hosts/by-name/servo/services/trust-dns.nix
@@ -6,7 +6,7 @@
 sane.services.trust-dns.listenAddrsIPv4 = [
 # specify each address explicitly, instead of using "*".
 # this ensures responses are sent from the address at which the request was received.
- "192.168.0.5"
+ "192.168.15.28" # TODO: fetch IP via `config`
 "10.0.1.5"
 ];
 sane.services.trust-dns.quiet = true;
From 58b219546b1d83fbad4d2cfcec292c33ea71132f Mon Sep 17 00:00:00 2001
From: Colin
Date: Tue, 21 Feb 2023 11:23:56 +0000
Subject: [PATCH 3/4] ejabberd: reduce TURN port pool
---
 hosts/by-name/servo/services/ejabberd.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hosts/by-name/servo/services/ejabberd.nix b/hosts/by-name/servo/services/ejabberd.nix
index 7c14f21c..c1aa79bc 100644
--- a/hosts/by-name/servo/services/ejabberd.nix
+++ b/hosts/by-name/servo/services/ejabberd.nix
@@ -38,11 +38,11 @@
 ];
 networking.firewall.allowedTCPPortRanges = [{
 from = 49152; # TURN
- to = 65535;
+ to = 49408;
 }];
 networking.firewall.allowedUDPPortRanges = [{
 from = 49152; # TURN
- to = 65535;
+ to = 49408;
 }];
 # provide access to certs
From 017aa335b1d743bd213b6c08373d287897059d08 Mon Sep 17 00:00:00 2001
From: Colin
Date: Tue, 21 Feb 2023 11:24:43 +0000
Subject: [PATCH 4/4] servo: dyn-dns: have `getIp` command use a fallback
---
 modules/services/dyn-dns.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/modules/services/dyn-dns.nix b/modules/services/dyn-dns.nix
index 814b8113..6e801c9e 100644
--- a/modules/services/dyn-dns.nix
+++ b/modules/services/dyn-dns.nix
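Review bot: In hosts/by-name/servo/services/ejabberd.nix, `from = 49152` with `to = 49408` is an inclusive span of 257 ports, which looks like an off-by-one if a 256-port pool was intended (`to = 49407;`). The hunk does not show the TURN listener's own port limits, so it is not visible whether ejabberd was narrowed to the same range; if it was not, relay allocations above 49408 will be dropped by the firewall. A comment on both ranges such as `# TURN relay pool; keep in sync with the ejabberd TURN port range` would tie the two together. The bound is also duplicated across the TCP and UDP blocks, so a shared `let` binding would keep them from drifting apart.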
@@ -3,6 +3,11 @@ with lib; let cfg = config.sane.services.dyn-dns; + getIp = pkgs.writeShellScript "dyn-dns-query-wan" '' + # preferred method and fallback + ${pkgs.sane-scripts}/bin/sane-ip-check-router-wan || \ + ${pkgs.sane-scripts}/bin/sane-ip-check + ''; in { options = { @@ -19,7 +24,7 @@ in }; ipCmd = mkOption { - default = "${pkgs.sane-scripts}/bin/sane-ip-check-router-wan"; + default = "${getIp}"; type = types.path; description = "command to run to query the current WAN IP"; };
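Review bot: In modules/services/dyn-dns.nix the `getIp` wrapper falls back silently, so nothing records that the router query failed and that the address now comes from a third-party service instead. Since the result presumably drives DNS updates, I would log the switch on stderr, e.g. `${pkgs.sane-scripts}/bin/sane-ip-check-router-wan || { echo "dyn-dns: router WAN query failed, using sane-ip-check" >&2; ${pkgs.sane-scripts}/bin/sane-ip-check; }`. The `||` chain only works because both scripts now exit non-zero when they have no valid address (patch 1/4), and a short comment saying so would protect that exit-code contract. Anything the first script writes to stdout before failing is passed through as well; the login request in sane-ip-check-router-wan does not redirect its response body, so the consumer of `ipCmd` may receive more than the address.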