commit 05f9ae27da58d57e8817e7c866e7f1829860d237
parent c5e906e5489e214ff778eaf66cac8038703a67af
Author: William Casarin <jb55@jb55.com>
Date: Tue, 22 Sep 2020 14:23:35 -0700
nix/monad: udp-notify-daemon
Diffstat:
2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/nix-config/machines/monad/default.nix b/nix-config/machines/monad/default.nix
@@ -140,6 +140,19 @@ in
# shitcoin vendor
services.keybase.enable = false;
+ systemd.user.services.udp-notify-daemon = {
+ enable = true;
+ description = "udp notification daemon";
+ wantedBy = [ "default.target" ];
+ after = [ "default.target" ];
+
+ path = with pkgs; [ bash gnupg libnotify ];
+
+ serviceConfig.ExecStart = util.writeBash "notify-daemon" ''
+ exec ${pkgs.socat}/bin/socat -d -d udp4-recvfrom:${toString extra.private.notify-port},reuseaddr,fork exec:/home/jb55/bin/recvalert
+ '';
+ };
+
systemd.services.block-distracting-hosts = {
description = "Block Distracting Hosts";
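Review bot: The ExecStart line forks `/home/jb55/bin/recvalert` once per received datagram, and that script is a mutable file in the home directory rather than a store path, so the code that handles network input is neither pinned nor reviewable from this config. socat is given no `bind=` address, so the listener presumably accepts on every IPv4 interface and only the firewall rule in networking/default.nix limits who can reach it; UDP source addresses can be forged, so that allow-list is not authentication. gnupg in `path` suggests recvalert verifies or decrypts the payload, but that is not visible here, so I would state it above ExecStart, e.g. `# recvalert must verify the payload signature before acting; datagrams are untrusted input`. Consider also building the script with `util.writeBash` like the wrapper, and capping the per-datagram forks with `serviceConfig.TasksMax = <limit>;` (placeholder value).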
diff --git a/nix-config/machines/monad/networking/default.nix b/nix-config/machines/monad/networking/default.nix
@@ -18,16 +18,26 @@ let
lightning = 9735;
lightningt = 9736;
dns = 53;
+ http = 80;
wireguard = 51820;
+ inherit (extra.private) notify-port;
};
in
{
networking.hostId = extra.machine.hostId;
#networking.firewall.trustedInterfaces = ["wg0"];
- networking.firewall.allowedTCPPorts = with ports; [ lightning lightningt synergy ];
+ networking.firewall.allowedTCPPorts = with ports; [ lightning lightningt synergy http ];
networking.firewall.allowedUDPPorts = [ ports.dns ports.wireguard ];
+ networking.firewall.extraCommands = ''
+ iptables -A nixos-fw -s 10.100.0.1/24,45.79.91.128 -p udp --dport ${toString ports.notify-port} -j nixos-fw-accept
+ '';
+
+ networking.firewall.extraStopCommands = ''
+ iptables -D nixos-fw -s 10.100.0.1/24,45.79.91.128 -p udp --dport ${toString ports.notify-port} -j nixos-fw-accept || true
+ '';
+
networking.nat.enable = true;
networking.nat.externalInterface = "eth0";
networking.nat.internalInterfaces = [ "wg0" ];
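Review bot: Adding `http` to `allowedTCPPorts` opens TCP 80 from any source on every interface, which the commit title (udp-notify-daemon) does not mention and nothing in this diff appears to use; it deserves its own commit or at least a comment naming the service behind it. The notify rule's source list is written twice, in `extraCommands` and `extraStopCommands`, and the `-D` only removes the rule while both strings stay identical, with `|| true` hiding any mismatch. Binding it once in the `let`, e.g. `notify-sources = "10.100.0.0/24,45.79.91.128";`, avoids that drift and also writes the subnet as a network address instead of `10.100.0.1/24`. The `let` block and the `ports` set start above this hunk.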