authorMorgan Jones <me@numin.it>2024-01-20 19:28:19 -0800
committerMorgan Jones <me@numin.it>2024-02-17 15:07:27 -0800
commit32f56d72667797a5adc555fd1e7c413072dae155 (patch)
tree5718e281511e108848e5dece37c03e4debada407 /nixos/modules/services/networking
parentcdd95bd39ce3ed3efc71698aa0adaf2160b4b3d6 (diff)
nixos/nebula: fix port resolution for firewall rules
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r--nixos/modules/services/networking/nebula.nix25
1 files changed, 13 insertions, 12 deletions
diff --git a/nixos/modules/services/networking/nebula.nix b/nixos/modules/services/networking/nebula.nix
index de68f514f5a6..2f9e41ae9c80 100644
--- a/nixos/modules/services/networking/nebula.nix
+++ b/nixos/modules/services/networking/nebula.nix
@@ -10,6 +10,15 @@ let
   format = pkgs.formats.yaml {};
 
   nameToId = netName: "nebula-${netName}";
+
+  resolveFinalPort = netCfg:
+    if netCfg.listen.port == null then
+      if (netCfg.isLighthouse || netCfg.isRelay) then
+        4242
+      else
+        0
+    else
+      netCfg.listen.port;
 in
 {
   # Interface
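Review bot: `resolveFinalPort` has no comment explaining why lighthouses and relays fall back to 4242 while every other node falls back to 0, even though that asymmetry is what now decides whether the firewall rule in the last hunk opens a port at all; a short header such as `# Port Nebula actually binds when listen.port is unset: lighthouses/relays need a fixed,` / `# reachable port (Nebula's conventional 4242); every other node binds an ephemeral port (0).` above the binding would make that visible. The helper reads only the typed `listen.port`, `isLighthouse` and `isRelay` options, so it presumably does not see a port supplied through the freeform `settings` attribute merged later in the module; stating that in the comment tells callers which value it reflects. Lifting the literal into a named binding (`defaultLighthousePort = 4242;`) would also keep the number from being duplicated if a second caller appears.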
@@ -181,15 +190,7 @@ in
           };
           listen = {
             host = netCfg.listen.host;
-            port = (
-              if netCfg.listen.port == null then
-                if (netCfg.isLighthouse || netCfg.isRelay) then
-                  4242
-                else
-                  0
-              else
-                netCfg.listen.port
-            );
+            port = resolveFinalPort netCfg;
           };
           tun = {
             disabled = netCfg.tun.disable;
@@ -202,10 +203,10 @@ in
         } netCfg.settings;
         configFile = format.generate "nebula-config-${netName}.yml" (
           warnIf
-            ((settings.lighthouse.am_lighthouse || settings.relay.am_relay) && settings.listen.port < 1)
+            ((settings.lighthouse.am_lighthouse || settings.relay.am_relay) && settings.listen.port == 0)
             ''
               Nebula network '${netName}' is configured as a lighthouse or relay, and its port is ${builtins.toString settings.listen.port}.
-              You will experience connectivity issues.
+              You will likely experience connectivity issues: https://nebula.defined.net/docs/config/listen/#listenport
             ''
             settings
           );
@@ -252,7 +253,7 @@ in
 
     # Open the chosen ports for UDP.
     networking.firewall.allowedUDPPorts =
-      unique (filter (port: port != null && port > 0) (mapAttrsToList (netName: netCfg: netCfg.listen.port) enabledNetworks));
+      unique (filter (port: port > 0) (mapAttrsToList (netName: netCfg: resolveFinalPort netCfg) enabledNetworks));
 
     # Create the service users and groups.
     users.users = mkMerge (mapAttrsToList (netName: netCfg:
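Review bot: The firewall now opens `resolveFinalPort netCfg`, which is derived from the typed `listen.port`/`isLighthouse`/`isRelay` options only, whereas the YAML Nebula actually runs is that structure merged with the freeform `netCfg.settings` (the `} netCfg.settings;` tail visible in the earlier hunk). If a user pins the port via `settings.listen.port` instead of `listen.port`, this rule opens 4242 or nothing while leaving the port Nebula really binds closed, which is the same port/firewall mismatch the commit fixes for the null case. Consider deriving the firewall port from the merged per-network settings that `warnIf` already inspects (factoring that settings expression out of the systemd-service mapping so both sites read `settings.listen.port`), or adding an `assertions` entry that rejects `settings.listen.port` when `listen.port` is also set. The rule also opens the port on every interface regardless of `listen.host`; a one-line comment saying that is intentional would save the next reader a question. The enclosing `config` attribute set starts and ends outside the hunk.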