feat(whitby): Add shadowsocks server

This adds a shadowsocks service, running on port 8443, tcp and udp. The password is read from /etc/secrets/shadowsocks-secret.sec, and needs to be populated externally. Change-Id: I6797150db108ba14459502dee43d8e4ed6cfa910 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3125 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-05-21 13:11:46 +02:00 · 2021-05-21 13:11:46 +02:00 · 48b052c1e4
commit 48b052c1e4
parent cd2e889f41
1 changed files with 8 additions and 1 deletions
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@ -129,7 +129,8 @@ in {
      interface = "enp196s0";
    };

-    firewall.allowedTCPPorts = [ 22 80 443 4238 29418 ];
+    firewall.allowedTCPPorts = [ 22 80 443 4238 8443 29418 ];
+    firewall.allowedUDPPorts = [ 8443 ];

    interfaces.enp196s0.useDHCP = true;
    interfaces.enp196s0.ipv6.addresses = [
@ -339,6 +340,12 @@ in {
    ];
  };

+  services.shadowsocks = {
+    enable = true;
+    port = 8443;
+    passwordFile = "/etc/secrets/shadowsocks-secret.sec";
+  };
+
  services.nix-serve = {
    enable = true;
    port = 6443;