Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/nebula.nix | 33 |
1 files changed, 28 insertions, 5 deletions
diff --git a/nixos/modules/services/networking/nebula.nix b/nixos/modules/services/networking/nebula.nix
index e13876172dac..de68f514f5a6 100644
--- a/nixos/modules/services/networking/nebula.nix
+++ b/nixos/modules/services/networking/nebula.nix
@@ -95,8 +95,15 @@ in
 };
 listen.port = mkOption {
- type = types.port;
- default = 4242;
+ type = types.nullOr types.port;
+ default = null;
+ defaultText = lib.literalExpression ''
+ if (config.services.nebula.networks.''${name}.isLighthouse ||
+ config.services.nebula.networks.''${name}.isRelay) then
+ 4242
+ else
+ 0;
+ '';
 description = lib.mdDoc "Port number to listen on.";
 };
@@ -174,7 +181,15 @@ in
 };
 listen = {
 host = netCfg.listen.host;
- port = netCfg.listen.port;
+ port = (
+ if netCfg.listen.port == null then
+ if (netCfg.isLighthouse || netCfg.isRelay) then
+ 4242
+ else
+ 0
+ else
+ netCfg.listen.port
+ );
 };
 tun = {
 disabled = netCfg.tun.disable;
@@ -185,7 +200,15 @@ in
 outbound = netCfg.firewall.outbound;
 };
 } netCfg.settings;
- configFile = format.generate "nebula-config-${netName}.yml" settings;
+ configFile = format.generate "nebula-config-${netName}.yml" (
+ warnIf
+ ((settings.lighthouse.am_lighthouse || settings.relay.am_relay) && settings.listen.port < 1)
+ ''
+ Nebula network '${netName}' is configured as a lighthouse or relay, and its port is ${builtins.toString settings.listen.port}.
+ You will experience connectivity issues.
+ ''
+ settings
+ );
 in
 {
 # Create the systemd service for Nebula.
@@ -229,7 +252,7 @@ in
 # Open the chosen ports for UDP.
 networking.firewall.allowedUDPPorts =
- unique (filter (port: port != null && port > 0) (mapAttrsToList (netName: netCfg: netCfg.listen.port) enabledNetworks));
 # Create the service users and groups.
 users.users = mkMerge (mapAttrsToList (netName: netCfg: |
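Review bot: The `description` of `listen.port` still reads only "Port number to listen on." although the option now accepts `null` and the default has changed for every node that is neither a lighthouse nor a relay, from a fixed 4242 to 0. I would spell that out, e.g. `description = lib.mdDoc "Port number to listen on. When null, lighthouses and relays listen on 4242 and all other nodes use 0, which lets the port be chosen at startup.";`, so that operators with external firewall or NAT rules pinned to 4242 notice the change. The `defaultText` expression also ends in `0;`, and the trailing semicolon makes the rendered default an invalid Nix expression; `0` alone is enough.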
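Review bot: The message passed to `warnIf` in the third hunk says connectivity will suffer but does not name the option to change, so whoever sees it has to search for the cause; I would end it with `Set services.nebula.networks.${netName}.listen.port to a fixed port.` The condition reads `settings.lighthouse.am_lighthouse` and `settings.relay.am_relay` from the merged attrset, while the default port in the `listen` block is derived from `netCfg.isLighthouse` and `netCfg.isRelay`. If `netCfg.settings` can override those keys, the default and the warning can disagree, which deserves a comment next to the condition. The definition of `settings` starts above this hunk, so whether `relay.am_relay` is always present cannot be confirmed from here.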
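Review bot: The new filter on `networking.firewall.allowedUDPPorts` in the last hunk drops `null`, but `null` is now the option default and the `listen` block in the second hunk resolves it to 4242 for a lighthouse or relay, so a lighthouse left on the default no longer gets its UDP port opened and peers will likely be unable to reach it. The firewall list should be built from the resolved port, not the raw option: put the fallback in one helper, e.g. `resolvePort = netCfg: if netCfg.listen.port != null then netCfg.listen.port else if netCfg.isLighthouse || netCfg.isRelay then 4242 else 0;`, and use `unique (filter (port: port > 0) (mapAttrsToList (netName: netCfg: resolvePort netCfg) enabledNetworks))`. Skipping port 0 remains correct, since there is no fixed port to open. The same helper could replace the inline conditional in the second hunk so that the two places cannot drift apart; the enclosing `config` block starts and ends outside this hunk.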