colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'dev/servo'

Browse Source
This commit is contained in:
Colin 2023-02-21 11:35:00 +00:00
commit e923636181
5 changed files with 18 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
hosts/by-name/servo/services/ejabberd.nix
View File

@ -38,11 +38,11 @@
]; ];
networking.firewall.allowedTCPPortRanges = [{ networking.firewall.allowedTCPPortRanges = [{
from = 49152; # TURN from = 49152; # TURN
to = 65535; to = 49408;
}]; }];
networking.firewall.allowedUDPPortRanges = [{ networking.firewall.allowedUDPPortRanges = [{
from = 49152; # TURN from = 49152; # TURN
to = 65535; to = 49408;
}]; }];
# provide access to certs # provide access to certs

2
hosts/by-name/servo/services/trust-dns.nix
View File

@ -6,7 +6,7 @@
sane.services.trust-dns.listenAddrsIPv4 = [ sane.services.trust-dns.listenAddrsIPv4 = [
# specify each address explicitly, instead of using "*". # specify each address explicitly, instead of using "*".
# this ensures responses are sent from the address at which the request was received. # this ensures responses are sent from the address at which the request was received.
"192.168.0.5" "192.168.15.28" # TODO: fetch IP via `config`
"10.0.1.5" "10.0.1.5"
]; ];
sane.services.trust-dns.quiet = true; sane.services.trust-dns.quiet = true;

7
modules/services/dyn-dns.nix
View File

@ -3,6 +3,11 @@
with lib; with lib;
let let
cfg = config.sane.services.dyn-dns; cfg = config.sane.services.dyn-dns;
getIp = pkgs.writeShellScript "dyn-dns-query-wan" ''
# preferred method and fallback
${pkgs.sane-scripts}/bin/sane-ip-check-router-wan || \
${pkgs.sane-scripts}/bin/sane-ip-check
'';
in in
{ {
options = { options = {
@ -19,7 +24,7 @@ in
}; };
ipCmd = mkOption { ipCmd = mkOption {
default = "${pkgs.sane-scripts}/bin/sane-ip-check-router-wan"; default = "${getIp}";
type = types.path; type = types.path;
description = "command to run to query the current WAN IP"; description = "command to run to query the current WAN IP";
}; };

5
pkgs/sane-scripts/src/sane-ip-check
View File

@ -1,3 +1,4 @@
#!/usr/bin/env bash #!/usr/bin/env bash
curl https://ipinfo.io/ip ip=$(curl --silent https://ipinfo.io/ip)
echo echo "$ip" | grep -P " *^\d+\.\d+\.\d+\.\d+ *$"
exit $?

9
pkgs/sane-scripts/src/sane-ip-check-router-wan
View File

@ -3,13 +3,16 @@
# requires creds # requires creds
passwd=$(sudo cat /run/secrets/router_passwd) passwd=$(sudo cat /run/secrets/router_passwd)
cookie=$(mktemp) cookie=$(mktemp)
curlflags="curl --silent --insecure --cookie-jar $cookie --connect-timeout 5"
# authenticate # authenticate
curl -s --insecure --cookie-jar $cookie \ curl $curlflags \
--data "username=admin&password=$passwd" \ --data "username=admin&password=$passwd" \
https://192.168.0.1 https://192.168.0.1
# query the WAN IP # query the WAN IP
curl -s --insecure --cookie $cookie \ ip=$(curl $curlflags \
-H "X-Requested-With: XMLHttpRequest" \ -H "X-Requested-With: XMLHttpRequest" \
"https://192.168.0.1/cgi/cgi_action?Action=GetConnectionStatus" \ "https://192.168.0.1/cgi/cgi_action?Action=GetConnectionStatus" \
| jq -r .wan_status.ipaddr | jq -r .wan_status.ipaddr)
echo "$ip" | grep -P " *^\d+\.\d+\.\d+\.\d+ *$"
exit $?