author | Florian Klink <flokli@flokli.de> | 2021-05-21T11·11+0200 |
---|---|---|
committer | tazjin <mail@tazj.in> | 2021-05-22T13·28+0000 |
commit | 48b052c1e485e97d7e77abdef44b69b4967faada (patch) | |
tree | d015e656176cd1f82279ae47043318bdc07c8443 /ops/machines/whitby/default.nix | |
parent | cd2e889f4176a8586b84ea4e339f16427bbde829 (diff) |
feat(whitby): Add shadowsocks server r/2600
This adds a shadowsocks service, running on port 8443, tcp and udp. The password is read from /etc/secrets/shadowsocks-secret.sec, and needs to be populated externally. Change-Id: I6797150db108ba14459502dee43d8e4ed6cfa910 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3125 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
Diffstat (limited to 'ops/machines/whitby/default.nix')
-rw-r--r-- | ops/machines/whitby/default.nix | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 5767be578737..46c2868c5577 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -129,7 +129,8 @@ in {
 interface = "enp196s0";
 };
- firewall.allowedTCPPorts = [ 22 80 443 4238 29418 ];
+ firewall.allowedTCPPorts = [ 22 80 443 4238 8443 29418 ];
+ firewall.allowedUDPPorts = [ 8443 ];
 interfaces.enp196s0.useDHCP = true;
 interfaces.enp196s0.ipv6.addresses = [
@@ -339,6 +340,12 @@ in {
 ];
 };
+ services.shadowsocks = {
+ enable = true;
+ port = 8443;
+ passwordFile = "/etc/secrets/shadowsocks-secret.sec";
+ };
+
 services.nix-serve = {
 enable = true;
 port = 6443; |
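Review bot: Port 8443 is written out as a literal in `firewall.allowedTCPPorts` and the new `firewall.allowedUDPPorts` in the first hunk, and again as `port = 8443;` in the `services.shadowsocks` block of the second hunk, so a later port change can leave the firewall open on a port nothing listens on. Nothing on these lines records which service owns the port; a comment such as `# 8443: shadowsocks (TCP and UDP)` next to the two lists would make the exposure auditable. If the module's `config` argument is in scope at this point (not visible in the hunk), `firewall.allowedUDPPorts = [ config.services.shadowsocks.port ];` would keep the firewall and the service in sync. The enclosing attribute set begins and ends outside the hunk.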
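Review bot: The `services.shadowsocks` block in the second hunk leaves the cipher and listen address to the module defaults and does not say how `/etc/secrets/shadowsocks-secret.sec` is provisioned or protected. Setting `encryptionMethod = "chacha20-ietf-poly1305";` explicitly would pin an AEAD cipher independently of whatever default a later nixpkgs ships. A comment above `passwordFile` should record that the file is created out of band, must not be world-readable, and that the service presumably fails to start when it is missing. Keeping the path as a quoted string rather than a Nix path literal is the right choice, since a path literal could end up copied into the world-readable store.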