Infra/pi
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: auto forward ports and open firewall

Browse source
This commit is contained in:
Katharina Heidenreich 2026-03-16 19:05:55 +01:00
parent b166c58127
commit 44d2263bdf
4 changed files with 20 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

9
data/network.nix
View file

@ -95,4 +95,13 @@ rec {
dnsMappings = lib.filterAttrs _predOnlyLocalObjs _dnsMappingObjects; dnsMappings = lib.filterAttrs _predOnlyLocalObjs _dnsMappingObjects;
reverse_proxy = lib.filterAttrs (name: value: value ? reverse_proxy) services; reverse_proxy = lib.filterAttrs (name: value: value ? reverse_proxy) services;
_portsUsedInService = (service: if service ? reverse_proxy
then if service.reverse_proxy ? listen
then map (obj: obj.port) service.reverse_proxy.listen
else if service.reverse_proxy ? ssl && service.reverse_proxy.ssl
then [80 443]
else [80]
else [80]);
usedPorts = lib.unique (lib.concatLists (map _portsUsedInService (builtins.attrValues services)));
} }

11
data/services.nix
View file

@ -23,16 +23,7 @@ rec {
autossh = { autossh = {
key_path = "/etc/auto-ssh_secrets/key"; key_path = "/etc/auto-ssh_secrets/key";
known_hosts = "/etc/auto-ssh_secrets/known_hosts"; known_hosts = "/etc/auto-ssh_secrets/known_hosts";
forwards = [{ forwards = [];
remote = 80;
localAddress = "localhost";
localPort = 80;
}
{
remote = 443;
localAddress = "localhost";
localPort = 443;
}];
}; };
} }

11
services/autossh.nix
View file

@ -1,10 +1,17 @@
{ config, pkgs, ... }: { config, pkgs, lib, ... }:
let let
net = import ../data/network.nix; net = import ../data/network.nix;
serv = import ../data/services.nix; serv = import ../data/services.nix;
forwardStrings = map (port: "-R ${toString port.remote}:${port.localAddress}:${toString port.localPort}") serv.autossh.forwards; autoForwards = map (port: {
remote = port;
localAddress = "localhost";
localPort = port;
}) net.usedPorts;
fordwards = lib.unique (serv.autossh.forwards ++ autoForwards);
forwardStrings = map (port: "-R ${toString port.remote}:${port.localAddress}:${toString port.localPort}") fordwards;
forwardString = builtins.concatStringsSep " " forwardStrings; forwardString = builtins.concatStringsSep " " forwardStrings;
sshHost = net.services.remoteProxy.ip; sshHost = net.services.remoteProxy.ip;

2
services/nginx.nix
View file

@ -80,7 +80,7 @@ in {
virtualHosts = rproxyServices // {fallback = fallback;}; virtualHosts = rproxyServices // {fallback = fallback;};
}; };
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = network.usedPorts;
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;