~jb55/citadel

05f9ae27da58d57e8817e7c866e7f1829860d237 — William Casarin 1 year, 1 month ago c5e906e
nix/monad: udp-notify-daemon
2 files changed, 24 insertions(+), 1 deletions(-)

M nix-config/machines/monad/default.nix
M nix-config/machines/monad/networking/default.nix
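--- a/nix-config/machines/monad/default.nix
+++ b/nix-config/machines/monad/default.nix
@@ -140,6 +140,19 @@ in
   # shitcoin vendor
   services.keybase.enable = false;
 
+  systemd.user.services.udp-notify-daemon = {
+    enable = true;
+    description = "udp notification daemon";
+    wantedBy = [ "default.target" ];
+    after    = [ "default.target" ];
+
+    path = with pkgs; [ bash gnupg libnotify ];
+
+    serviceConfig.ExecStart = util.writeBash "notify-daemon" ''
+      exec ${pkgs.socat}/bin/socat -d -d udp4-recvfrom:${toString extra.private.notify-port},reuseaddr,fork exec:/home/jb55/bin/recvalert
+    '';
+  };
+
   systemd.services.block-distracting-hosts = {
     description = "Block Distracting Hosts";
 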
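Review bot: The socat address on the `ExecStart` line uses `fork` with no child limit and no `bind=`, so every datagram the firewall lets through starts a new `/home/jb55/bin/recvalert` process, and the socket listens on all IPv4 addresses. socat's `max-children` option would bound the process count, e.g. `udp4-recvfrom:${toString extra.private.notify-port},reuseaddr,fork,max-children=4` (the limit of 4 is a constructed example value). The handler lives under the home directory rather than in the Nix store, so this unit does not pin the code that parses network input. `gnupg` in `path` suggests the payload is decrypted or verified inside the handler, but that is not visible in this diff; a comment above `ExecStart` such as `# recvalert must authenticate each datagram before calling notify-send` would record the assumption.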

M nix-config/machines/monad/networking/default.nix => nix-config/machines/monad/networking/default.nix +11 -1
@@ 18,16 18,26 @@ let
    lightning = 9735;
    lightningt = 9736;
    dns = 53;
    http = 80;
    wireguard = 51820;
    inherit (extra.private) notify-port;
  };
in
{
  networking.hostId = extra.machine.hostId;

  #networking.firewall.trustedInterfaces = ["wg0"];
  networking.firewall.allowedTCPPorts = with ports; [ lightning lightningt synergy ];
  networking.firewall.allowedTCPPorts = with ports; [ lightning lightningt synergy http ];
  networking.firewall.allowedUDPPorts = [ ports.dns ports.wireguard ];

  networking.firewall.extraCommands = ''
    iptables -A nixos-fw -s 10.100.0.1/24,45.79.91.128 -p udp --dport ${toString ports.notify-port} -j nixos-fw-accept
  '';

  networking.firewall.extraStopCommands = ''
    iptables -D nixos-fw -s 10.100.0.1/24,45.79.91.128 -p udp --dport ${toString ports.notify-port} -j nixos-fw-accept || true
  '';

  networking.nat.enable = true;
  networking.nat.externalInterface = "eth0";
  networking.nat.internalInterfaces = [ "wg0" ];
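Review bot: The accept rule in `extraCommands` authorises senders only by source address, and UDP has no handshake to verify that address, so the `45.79.91.128` entry in particular can be forged by anyone able to reach the port on the public interface. Tying the `10.100.0.1/24` range (presumably the WireGuard subnet) to its interface would narrow this, e.g. `iptables -A nixos-fw -i wg0 -s 10.100.0.0/24 -p udp --dport ${toString ports.notify-port} -j nixos-fw-accept`, with the matching `-D` line in `extraStopCommands`; the public address would then need its own rule, or could send over the tunnel instead. Authentication of the datagram itself still has to happen in the receiving handler, which is outside this file. The same section also adds `http` to `allowedTCPPorts` for all sources, which the commit title does not mention. The `let` block starts before the hunk and the attribute set continues past it.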