aiolabs/nix-bitcoin
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

netns-isolation: netns architecture

Browse source 
- Adds network namespace instantiation and routing architecture.
- netns-isolation disabled by default. Can be enabled with
  configuration.nix FIXME.
- Uses mkMerge to toggle certain options for non netns and netns
  systems.
- Adds security wrapper for netns-exec which allows operator to exec
  with cap_sys_admin
- User can select the 169.254.N.0/24 addressblock netns's are created in.
- nix-bitcoin-services IpAddressAllow is amended with link-local
  addresses
This commit is contained in:
nixbitcoin 2020-05-29 10:53:35 +00:00
parent 4a7199a3da
commit e5e07b91f7
No known key found for this signature in database
GPG key ID: DD11F9AD5308B3BA
5 changed files with 181 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
modules/presets/secure-node.nix
View file

@ -52,6 +52,11 @@ in {
hiddenServices.sshd = mkHiddenService { port = 22; };
};
# netns-isolation
nix-bitcoin.netns-isolation = {
addressblock = 1;
};
# bitcoind
services.bitcoind = {
enable = true;