Nixpkgs: nixos/taskserver: Firewall is opened on all interfaces

Created on 15 Sep 2019  ·  3 Comments  ·  Source: NixOS/nixpkgs

Describe the bug

If services.taskserver.listenHost is changed from its default value of localhost, the module sets

networking.firewall.allowedTCPPorts = [ cfg.listenPort ];

This option is interface-agnostic, and doesn't allow the user to restrict access to a single
interface easily.

Expected behavior

There should be a way to allow access on only some interfaces, even if listenHost was set.

Some modules have an openFirewall option, which would solve this nicely. With a default of true, backwards compatibility would be kept.

I'll send a PR if that sounds good.

Maintainer information:

# a list of nixpkgs attributes affected by the problem
attribute:
# a list of nixos modules affected by the problem
module: services.taskserver.listenHost

cc @aszlig

bug nixos
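
The proposal above, sketched as an added example (not part of the original issue and not the nixpkgs module's own code). It is written as if `moduleSide` replaced the module's existing firewall definition; the `openFirewall` option for taskserver, the interface name `wg0`, and the `fqdn` and `listenHost` values are assumptions made for illustration.

```nix
{ ... }:
let
  # Module side: the firewall rule described in the issue, gated behind the
  # proposed switch. `openFirewall` is the issue's proposal (assumed here).
  moduleSide = { config, lib, ... }:
    let cfg = config.services.taskserver; in {
      options.services.taskserver.openFirewall = lib.mkOption {
        type = lib.types.bool;
        default = true; # keeps current behaviour, as the issue suggests
        description = "Open listenPort in the firewall on every interface.";
      };

      # Same condition as today (listenHost changed from "localhost"),
      # plus the new opt-out.
      config = lib.mkIf
        (cfg.enable && cfg.listenHost != "localhost" && cfg.openFirewall)
        { networking.firewall.allowedTCPPorts = [ cfg.listenPort ]; };
    };

  # User side: opt out of the interface-agnostic rule and open the port on a
  # single interface with the per-interface firewall option instead.
  userSide = { config, ... }: {
    services.taskserver = {
      enable = true;
      fqdn = "tasks.example.org"; # constructed value
      listenHost = "::";          # constructed value
      openFirewall = false;
    };

    # "wg0" is a constructed interface name; other interfaces stay closed.
    networking.firewall.interfaces."wg0".allowedTCPPorts =
      [ config.services.taskserver.listenPort ];
  };
in {
  imports = [ moduleSide userSide ];
}
```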

All 3 comments

@tilpner: In addition to that option, I'd probably go for deprecation, removing the allowedTCPPorts definition entirely from the module and not open up those ports at all. The latter should be explicitly set by the user.

Thank you for your contributions.
This has been automatically marked as stale because it has had no activity for 180 days.
If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.
Here are suggestions that might help resolve this more quickly:

  1. Search for maintainers and people that previously touched the
    related code and @ mention them in a comment.
  2. Ask on the NixOS Discourse.
  3. Ask on the #nixos channel on irc.freenode.net.

Well, I never fixed it, so it's still a problem. :(
