diff options
| author | Morgan Jones <me@numin.it> | 2024-01-13 15:27:20 -0800 |
|---|---|---|
| committer | Morgan Jones <me@numin.it> | 2024-01-20 19:29:32 -0800 |
| commit | cdd95bd39ce3ed3efc71698aa0adaf2160b4b3d6 (patch) | |
| tree | 28de9f405cecd1264c2f573739024ece5d558b9b /nixos/modules/services/networking | |
| parent | 28dbc86c498e4da9a4e44949e82a583627273319 (diff) | |
| download | nixlib-cdd95bd39ce3ed3efc71698aa0adaf2160b4b3d6.tar nixlib-cdd95bd39ce3ed3efc71698aa0adaf2160b4b3d6.tar.gz nixlib-cdd95bd39ce3ed3efc71698aa0adaf2160b4b3d6.tar.bz2 nixlib-cdd95bd39ce3ed3efc71698aa0adaf2160b4b3d6.tar.lz nixlib-cdd95bd39ce3ed3efc71698aa0adaf2160b4b3d6.tar.xz nixlib-cdd95bd39ce3ed3efc71698aa0adaf2160b4b3d6.tar.zst nixlib-cdd95bd39ce3ed3efc71698aa0adaf2160b4b3d6.zip | |
nixos/nebula: default to port 0 for hosts other than lighthouse/relay
Diffstat (limited to 'nixos/modules/services/networking')
| -rw-r--r-- | nixos/modules/services/networking/nebula.nix | 33 |
1 files changed, 28 insertions, 5 deletions
diff --git a/nixos/modules/services/networking/nebula.nix b/nixos/modules/services/networking/nebula.nix index e13876172dac..de68f514f5a6 100644 --- a/nixos/modules/services/networking/nebula.nix +++ b/nixos/modules/services/networking/nebula.nix @@ -95,8 +95,15 @@ in }; listen.port = mkOption { - type = types.port; - default = 4242; + type = types.nullOr types.port; + default = null; + defaultText = lib.literalExpression '' + if (config.services.nebula.networks.''${name}.isLighthouse || + config.services.nebula.networks.''${name}.isRelay) then + 4242 + else + 0; + ''; description = lib.mdDoc "Port number to listen on."; }; @@ -174,7 +181,15 @@ in }; listen = { host = netCfg.listen.host; - port = netCfg.listen.port; + port = ( + if netCfg.listen.port == null then + if (netCfg.isLighthouse || netCfg.isRelay) then + 4242 + else + 0 + else + netCfg.listen.port + ); }; tun = { disabled = netCfg.tun.disable; @@ -185,7 +200,15 @@ in outbound = netCfg.firewall.outbound; }; } netCfg.settings; - configFile = format.generate "nebula-config-${netName}.yml" settings; + configFile = format.generate "nebula-config-${netName}.yml" ( + warnIf + ((settings.lighthouse.am_lighthouse || settings.relay.am_relay) && settings.listen.port < 1) + '' + Nebula network '${netName}' is configured as a lighthouse or relay, and its port is ${builtins.toString settings.listen.port}. + You will experience connectivity issues. + '' + settings + ); in { # Create the systemd service for Nebula. @@ -229,7 +252,7 @@ in # Open the chosen ports for UDP. networking.firewall.allowedUDPPorts = - unique (mapAttrsToList (netName: netCfg: netCfg.listen.port) enabledNetworks); + unique (filter (port: port != null && port > 0) (mapAttrsToList (netName: netCfg: netCfg.listen.port) enabledNetworks)); # Create the service users and groups. users.users = mkMerge (mapAttrsToList (netName: netCfg: |