Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

znc: open firewall with configured port #29171

Merged
merged 2 commits into from Sep 10, 2017
Merged

znc: open firewall with configured port #29171

merged 2 commits into from Sep 10, 2017

Conversation

vaibhavsagar
Copy link
Member

The configuration doesn't currently open the configured port, which is
less convenient than opening it.

Motivation for this change

I was confused that my IRC client was not connecting to the port until I manually opened the port in my firewall configuration separately. I think it would be better if the ZNC configuration itself ensured the port was opened.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@vaibhavsagar
znc: open firewall with configured port
83d89e9 
The configuration doesn't currently open the configured port, which is
less convenient than opening it.
@mention-bot
Copy link

@vaibhavsagar, thanks for your PR! By analyzing the history of the files in this pull request, we identified @chexxor, @schneefux and @nocoolnametom to be potential reviewers.

Mic92
Mic92 reviewed Sep 10, 2017
View reviewed changes
nixos/modules/services/networking/znc.nix Outdated
@@ -350,6 +350,8 @@ in

config = mkIf cfg.enable {

networking.firewall.allowedTCPPorts = [ cfg.port ];
Copy link
Member

@Mic92 Mic92 Sep 10, 2017
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently we have do not open ports automatically by convention just if the server is enabled.
Users might want to use the service, but restrict the port only for specific source ips / network interfaces or don't expose it at all. The only port we open by default is ssh.
Some services have therefor an additional property called openPorts or openFirewall in the service itself to open ports explicitly.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That makes sense. I've added an openFirewall option like the one in the Redis configuration.

@Mic92 Mic92 merged commit 7641d0e into NixOS:master Sep 10, 2017
@vaibhavsagar
Copy link
Member Author

Thanks!

@vaibhavsagar vaibhavsagar deleted the znc-open-firewall branch September 10, 2017 14:27
@mbrgm mbrgm mentioned this pull request Sep 27, 2017
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mic92 Mic92 Mic92 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@vaibhavsagar @mention-bot @Mic92