author | Morgan Jones <me@numin.it> | 2024-01-20 19:28:19 -0800 |
---|---|---|
committer | Morgan Jones <me@numin.it> | 2024-02-17 15:07:27 -0800 |
commit | 32f56d72667797a5adc555fd1e7c413072dae155 (patch) | |
tree | 5718e281511e108848e5dece37c03e4debada407 /nixos/modules | |
parent | cdd95bd39ce3ed3efc71698aa0adaf2160b4b3d6 (diff) | |
nixos/nebula: fix port resolution for firewall rules
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/networking/nebula.nix | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/nixos/modules/services/networking/nebula.nix b/nixos/modules/services/networking/nebula.nix
index de68f514f5a6..2f9e41ae9c80 100644
--- a/nixos/modules/services/networking/nebula.nix
+++ b/nixos/modules/services/networking/nebula.nix
@@ -10,6 +10,15 @@ let
   format = pkgs.formats.yaml {};
   nameToId = netName: "nebula-${netName}";
+
+  resolveFinalPort = netCfg:
+    if netCfg.listen.port == null then
+      if (netCfg.isLighthouse || netCfg.isRelay) then
+        4242
+      else
+        0
+    else
+      netCfg.listen.port;
 in
 {
   # Interface
@@ -181,15 +190,7 @@ in
         };
         listen = {
           host = netCfg.listen.host;
-          port = (
-            if netCfg.listen.port == null then
-              if (netCfg.isLighthouse || netCfg.isRelay) then
-                4242
-              else
-                0
-            else
-              netCfg.listen.port
-          );
+          port = resolveFinalPort netCfg;
         };
         tun = {
           disabled = netCfg.tun.disable;
@@ -202,10 +203,10 @@ in
       } netCfg.settings;
       configFile = format.generate "nebula-config-${netName}.yml" (
         warnIf
-          ((settings.lighthouse.am_lighthouse || settings.relay.am_relay) && settings.listen.port < 1)
+          ((settings.lighthouse.am_lighthouse || settings.relay.am_relay) && settings.listen.port == 0)
           ''
             Nebula network '${netName}' is configured as a lighthouse or relay, and its port is ${builtins.toString settings.listen.port}.
-            You will experience connectivity issues.
+            You will likely experience connectivity issues: https://nebula.defined.net/docs/config/listen/#listenport
           ''
           settings
       );
@@ -252,7 +253,7 @@ in
     # Open the chosen ports for UDP.
     networking.firewall.allowedUDPPorts =
-      unique (filter (port: port != null && port > 0) (mapAttrsToList (netName: netCfg: netCfg.listen.port) enabledNetworks));
+      unique (filter (port: port > 0) (mapAttrsToList (netName: netCfg: resolveFinalPort netCfg) enabledNetworks));
     # Create the service users and groups.
     users.users = mkMerge (mapAttrsToList (netName: netCfg: |
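Review bot: The firewall rule in the last hunk opens `resolveFinalPort netCfg`, computed from the module option alone, while the warning in the third hunk checks `settings.listen.port` from the merged config; if the freeform `netCfg.settings` merged at `} netCfg.settings;` can override `listen.port`, the two can disagree, and the firewall would then open the option's port (4242 by default for a lighthouse or relay) instead of the one nebula actually binds, leaving the real port closed and an unneeded one open. It would be safer to derive the firewall port from the same merged `settings` value the warning uses, or to document that the port must be set through the `listen.port` option for the firewall rule to follow it; I cannot tell from these hunks whether the merged `settings` is reachable at the firewall site, so treat this as a question to confirm. The new helper also deserves a comment on its two magic values, e.g. `# Unset port: lighthouses/relays default to 4242; other nodes get 0 (presumably an ephemeral port, per the linked listen.port docs), which cannot be pre-opened, hence the port > 0 filter in the firewall rule`. The enclosing `let` block and the module body both extend beyond these hunks.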