authorFlorian Klink <flokli@flokli.de>2021-05-21T11·11+0200
committertazjin <mail@tazj.in>2021-05-22T13·28+0000
commit48b052c1e485e97d7e77abdef44b69b4967faada (patch)
treed015e656176cd1f82279ae47043318bdc07c8443 /ops
parentcd2e889f4176a8586b84ea4e339f16427bbde829 (diff)
feat(whitby): Add shadowsocks server r/2600
This adds a shadowsocks service, running on port 8443, tcp and udp.

The password is read from /etc/secrets/shadowsocks-secret.sec, and needs
to be populated externally.

Change-Id: I6797150db108ba14459502dee43d8e4ed6cfa910
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3125
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Diffstat (limited to 'ops')
-rw-r--r--ops/machines/whitby/default.nix9
1 files changed, 8 insertions, 1 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 5767be578737..46c2868c5577 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -129,7 +129,8 @@ in {
       interface = "enp196s0";
     };
 
-    firewall.allowedTCPPorts = [ 22 80 443 4238 29418 ];
+    firewall.allowedTCPPorts = [ 22 80 443 4238 8443 29418 ];
+    firewall.allowedUDPPorts = [ 8443 ];
 
     interfaces.enp196s0.useDHCP = true;
     interfaces.enp196s0.ipv6.addresses = [
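Review bot: Port 8443 is now hard-coded in both firewall lists and again in the service definition in the second hunk, with nothing tying the three together, so a later port change can leave a stale hole open on TCP or UDP. If `config` is in scope in this file (the module header is outside the hunk), `firewall.allowedUDPPorts = [ config.services.shadowsocks.port ];` and the same reference in the TCP list would keep them in sync. Otherwise a comment such as `# 8443: shadowsocks (tcp+udp), keep in sync with services.shadowsocks.port` above the two lines would do. The enclosing attribute set starts and ends outside this hunk.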
@@ -339,6 +340,12 @@ in {
     ];
   };
 
+  services.shadowsocks = {
+    enable = true;
+    port = 8443;
+    passwordFile = "/etc/secrets/shadowsocks-secret.sec";
+  };
+
   services.nix-serve = {
     enable = true;
     port = 6443;
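Review bot: The new `services.shadowsocks` block sets only the port and password file, so the cipher and bind address of this internet-facing listener come from the nixpkgs module defaults. Stating the cipher explicitly, e.g. `encryptionMethod = "chacha20-ietf-poly1305";`, keeps the AEAD choice visible and stable across channel upgrades. The secret at `passwordFile` is provisioned outside this change, so a comment like `# provisioned out of band; must not be world-readable and must exist before the unit starts` would record the requirement. It is also worth confirming that the unit fails to start, rather than running with an empty password, when the file is missing.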