fix(spindle): open firewall for all interfaces #27

merged

opened by

a.starrysky.fyi 3 months ago targeting main from private/minion/push-ympkyqtupzos

There's a race condition here where teal sometimes looks up midnight when not connected to tailscale. If it does that, it resolves midnight on the local network. That would be entirely fine if we weren't just listening on Tailscale.

Further, that lookup can then get cached, bringing down the spindle even when tailscale comes up

We trust the local network, let's just allow this route too...

options

unified split

Changed files

+1 -1

packetmix

systems

midnight

spindle.nix

+1 -1

packetmix/systems/midnight/spindle.nix

··· 6 6 { 7 7 imports = [ project.inputs.tangled.result.nixosModules.spindle ]; 8 8 9 - networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 1024 ]; 9 + networking.firewall.allowedTCPPorts = [ 1024 ]; 10 10 11 11 services.tangled-spindle = { 12 12 enable = true;