nixos/endlessh-go: fix firewall bugs

this change fixes 2 major bugs in the endlessh-go service's firewall options:

1. prometheus port unexpectedly allowed through firewall (services.endlessh-go.openFirewall)

the description of the option is "Whether to open a firewall port for the SSH listener." however, as we can see, both the ssh listener AND the prometheus listener have their ports opened. this is especially troublesome because endlessh-go (I guess as an artifact of being developed for docker) defaults the prometheus listener to 0.0.0.0.

2. the prometheus port unexpectedly allowed through firewall when prometheus is disabled (services.endlessh-go.prometheus.enable)

even when prometheus is disabled, its port is allowed through the firewall
Vivek 2024-09-04 20:02:22 -07:00 committed by Vivek Revankar
parent 85f9b1c748
commit 17a46028b9


@ -131,7 +131,7 @@ in
};
networking.firewall.allowedTCPPorts = with cfg;
optionals openFirewall [ port prometheus.port ];
optionals openFirewall [ port ];
};
meta.maintainers = with maintainers; [ azahi ];
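Review bot: the replacement line `optionals openFirewall [ port ];` removes prometheus.port for every configuration, including ones that enabled prometheus and relied on openFirewall to make the metrics port reachable for scraping, and nothing in the hunk documents that upgrade-time behaviour change. Consider adding a release-notes entry, and if exposing metrics is meant to stay supported, a separate opt-in that is only honoured when prometheus.enable is set (a hypothetical name would be prometheus.openFirewall) instead of leaving users to add the port to allowedTCPPorts by hand. Only the firewall rule changes here, so the 0.0.0.0 default for the prometheus listener described in the commit message is untouched; a follow-up that defaults the listen address to loopback in the module would close that exposure on hosts where the firewall is not enabled.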