diff options
author | Alyssa Ross <hi@alyssa.is> | 2019-09-28 14:25:12 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2019-09-28 14:41:15 +0000 |
commit | b0458baf6876fb2ea3a2ec31a387d80c3b1359e9 (patch) | |
tree | 3e0a20150c899be8581767ae87789ef01dba844d /modules/server | |
parent | 36bedbe5c162bab9e7ef702f353ae399fdfd0518 (diff) | |
download | nixlib-b0458baf6876fb2ea3a2ec31a387d80c3b1359e9.tar nixlib-b0458baf6876fb2ea3a2ec31a387d80c3b1359e9.tar.gz nixlib-b0458baf6876fb2ea3a2ec31a387d80c3b1359e9.tar.bz2 nixlib-b0458baf6876fb2ea3a2ec31a387d80c3b1359e9.tar.lz nixlib-b0458baf6876fb2ea3a2ec31a387d80c3b1359e9.tar.xz nixlib-b0458baf6876fb2ea3a2ec31a387d80c3b1359e9.tar.zst nixlib-b0458baf6876fb2ea3a2ec31a387d80c3b1359e9.zip |
modules/tor: only open firewall with explicit port
Doesn't make sense to otherwise. We can't open port "auto".
Diffstat (limited to 'modules/server')
-rw-r--r-- | modules/server/tor/default.nix | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/modules/server/tor/default.nix b/modules/server/tor/default.nix index 645684c5dca2..7a0341065d33 100644 --- a/modules/server/tor/default.nix +++ b/modules/server/tor/default.nix @@ -1,7 +1,11 @@ { lib, config, ... }: { - networking.firewall.allowedTCPPorts = [ config.services.tor.relay.port ]; + networking.firewall.allowedTCPPorts = + let + port = config.services.tor.relay.port; + in + lib.optional (lib.isInt port && port > 0) port; services.tor.enable = true; |