Merge pull request #280836 from numinit/nebula-port-zero

nixos/nebula: default to port 0 for hosts other than lighthouse/relay
This commit is contained in:
Peder Bergebakken Sundt 2024-03-10 05:01:04 +01:00 committed by GitHub
commit 4a4a70ca31
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 34 additions and 6 deletions


@ -10,6 +10,15 @@ let
format = pkgs.formats.yaml {}; format = pkgs.formats.yaml {};
nameToId = netName: "nebula-${netName}"; nameToId = netName: "nebula-${netName}";
resolveFinalPort = netCfg:
if netCfg.listen.port == null then
if (netCfg.isLighthouse || netCfg.isRelay) then
4242
else
0
else
netCfg.listen.port;
in in
{ {
# Interface # Interface
@ -95,8 +104,15 @@ in
}; };
listen.port = mkOption { listen.port = mkOption {
type = types.port; type = types.nullOr types.port;
default = 4242; default = null;
defaultText = lib.literalExpression ''
if (config.services.nebula.networks.''${name}.isLighthouse ||
config.services.nebula.networks.''${name}.isRelay) then
4242
else
0;
'';
description = lib.mdDoc "Port number to listen on."; description = lib.mdDoc "Port number to listen on.";
}; };
@ -174,7 +190,7 @@ in
}; };
listen = { listen = {
host = netCfg.listen.host; host = netCfg.listen.host;
port = netCfg.listen.port; port = resolveFinalPort netCfg;
}; };
tun = { tun = {
disabled = netCfg.tun.disable; disabled = netCfg.tun.disable;
@ -185,7 +201,15 @@ in
outbound = netCfg.firewall.outbound; outbound = netCfg.firewall.outbound;
}; };
} netCfg.settings; } netCfg.settings;
configFile = format.generate "nebula-config-${netName}.yml" settings; configFile = format.generate "nebula-config-${netName}.yml" (
warnIf
((settings.lighthouse.am_lighthouse || settings.relay.am_relay) && settings.listen.port == 0)
''
Nebula network '${netName}' is configured as a lighthouse or relay, and its port is ${builtins.toString settings.listen.port}.
You will likely experience connectivity issues: https://nebula.defined.net/docs/config/listen/#listenport
''
settings
);
in in
{ {
# Create the systemd service for Nebula. # Create the systemd service for Nebula.
@ -229,7 +253,7 @@ in
# Open the chosen ports for UDP. # Open the chosen ports for UDP.
networking.firewall.allowedUDPPorts = networking.firewall.allowedUDPPorts =
unique (mapAttrsToList (netName: netCfg: netCfg.listen.port) enabledNetworks); unique (filter (port: port > 0) (mapAttrsToList (netName: netCfg: resolveFinalPort netCfg) enabledNetworks));
# Create the service users and groups. # Create the service users and groups.
users.users = mkMerge (mapAttrsToList (netName: netCfg: users.users = mkMerge (mapAttrsToList (netName: netCfg:
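Review bot: The `listen.port` option in the second hunk (`@ -95,8 +104,15 @@`) keeps the description "Port number to listen on." although its meaning changed: `null` is now resolved by `resolveFinalPort` to 4242 for lighthouse/relay networks and to 0 otherwise, and a resolved 0 is dropped from `networking.firewall.allowedUDPPorts` in the last hunk. Suggest `description = lib.mdDoc "UDP port to listen on. null (the default) resolves to 4242 when isLighthouse or isRelay is set and to 0 otherwise; a port of 0 is not opened in the firewall.";`. In the same hunk the `defaultText` literal ends with `0;`, so the rendered default will show a stray semicolon that is not part of the expression; drop it and end with `0`. Note also that the firewall line derives the port from the option via `resolveFinalPort netCfg` while the new `warnIf` inspects the merged `settings`, so a `settings.listen.port` override appears to change what nebula binds without changing what the firewall opens; this predates the commit but deserves a comment on that line.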


@ -10,6 +10,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: let
environment.systemPackages = [ pkgs.nebula ]; environment.systemPackages = [ pkgs.nebula ];
users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ];
services.openssh.enable = true; services.openssh.enable = true;
networking.firewall.enable = true; # Implicitly true, but let's make sure.
networking.interfaces.eth1.useDHCP = false; networking.interfaces.eth1.useDHCP = false;
services.nebula.networks.smoke = { services.nebula.networks.smoke = {
@ -17,7 +18,10 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: let
ca = "/etc/nebula/ca.crt"; ca = "/etc/nebula/ca.crt";
cert = "/etc/nebula/${name}.crt"; cert = "/etc/nebula/${name}.crt";
key = "/etc/nebula/${name}.key"; key = "/etc/nebula/${name}.key";
listen = { host = "0.0.0.0"; port = 4242; }; listen = {
host = "0.0.0.0";
port = if (config.services.nebula.networks.smoke.isLighthouse || config.services.nebula.networks.smoke.isRelay) then 4242 else 0;
};
}; };
} }
extraConfig extraConfig
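Review bot: The test still sets `listen.port` explicitly in the second hunk, so the `null` default this PR introduces in the module is never exercised here; `resolveFinalPort` only ever sees a non-null port in this test. Omitting the port, `listen = { host = "0.0.0.0"; };`, would make the test cover the default resolution and the `port > 0` firewall filter instead of duplicating the module's logic inline. The surrounding attribute set continues outside the hunk.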