commit 979027ce543c9bb1a5c671bf54546f5712fc5ba1 · freshlybakedca.ke/patisserie

Your one-stop-cake-shop for everything Freshly Baked has to offer

fix(spindle): open firewall for all interfaces

There's a race condition here where teal sometimes looks up midnight
when not connected to tailscale. If it does that, it resolves midnight
on the local network. That would be entirely fine if we weren't just
listening on Tailscale.

Further, that lookup can then get cached, bringing down the spindle even
when tailscale comes up

We trust the local network, let's just allow this route too...

a.starrysky.fyi 3 months ago 979027ce 1a4bdedb

options

unified split

Changed files

+1 -1

packetmix

systems

midnight

spindle.nix

+1 -1

packetmix/systems/midnight/spindle.nix

··· 6 { 7 imports = [ project.inputs.tangled.result.nixosModules.spindle ]; 8 9 - networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 1024 ]; 10 11 services.tangled-spindle = { 12 enable = true;

··· 6 { 7 imports = [ project.inputs.tangled.result.nixosModules.spindle ]; 8 9 + networking.firewall.allowedTCPPorts = [ 1024 ]; 10 11 services.tangled-spindle = { 12 enable = true;