services: add helper fn setAllowedIPAddresses
Also use 'allowLocalIPAddresses' instead of 'allowTor' in bitcoind-import-banlist which doesn't use Tor.
parent
cdf27d9d0c
commit
020433cec6
11 changed files with 22 additions and 45 deletions
14
pkgs/lib.nix
14
pkgs/lib.nix
|
|
@ -35,13 +35,17 @@ let self = {
|
|||
|
||||
# nodejs applications apparently rely on memory write execute
|
||||
nodejs = { MemoryDenyWriteExecute = "false"; };
|
||||
# Allow tor traffic. Allow takes precedence over Deny.
|
||||
allowTor = {
|
||||
|
||||
# Allow takes precedence over Deny.
|
||||
allowLocalIPAddresses = {
|
||||
IPAddressAllow = "127.0.0.1/32 ::1/128 169.254.0.0/16";
|
||||
};
|
||||
# Allow any traffic
|
||||
allowAnyIP = { IPAddressAllow = "any"; };
|
||||
allowAnyProtocol = { RestrictAddressFamilies = "~"; };
|
||||
allowAllIPAddresses = { IPAddressAllow = "any"; };
|
||||
allowTor = self.allowLocalIPAddresses;
|
||||
allowedIPAddresses = onlyLocal:
|
||||
if onlyLocal
|
||||
then self.allowLocalIPAddresses
|
||||
else self.allowAllIPAddresses;
|
||||
|
||||
enforceTor = mkOption {
|
||||
type = types.bool;
|
||||
|
|
|
|||
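Review bot: `allowLocalIPAddresses` now reads as loopback-only, but its `IPAddressAllow` still includes `169.254.0.0/16`, and the shortened comment above it no longer says why. That range is link-local and on many cloud hosts contains the instance metadata endpoint, so a unit confined with `allowedIPAddresses true` may still reach it; the range is presumably there for the project's own internal addressing, which this hunk does not show. I would document it on the attribute, e.g. `# Loopback plus 169.254.0.0/16 (link-local). Allow takes precedence over Deny.`, and add a one-line comment on `allowedIPAddresses` saying that `onlyLocal = true` selects that set and `false` allows any address. The commit title names the helper `setAllowedIPAddresses` while this hunk defines `allowedIPAddresses`; if no other changed file defines the former, the title or the name should be aligned.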