Merge pull request 'syncthing: restrict access of peers to vpn' (#626) from a-kenji-restrict-introducer into main

2023-12-08 12:56:35 +00:00 · 2023-12-08 12:56:35 +00:00 · 9bc75943e3
commit 9bc75943e3
parent 3c04d14917 c8ffcadad9
1 changed files with 3 additions and 3 deletions
--- a/clanModules/syncthing.nix
+++ b/clanModules/syncthing.nix
@ -45,7 +45,6 @@
        8384
        22000
      ];
-      # local ui TODO: mkDefault ?
      networking.firewall.allowedTCPPorts = [ 8384 ];
      networking.firewall.interfaces."zt+".allowedUDPPorts = [
        22000
@ -72,6 +71,8 @@

        dataDir = lib.mkDefault "/home/user/";

+        group = "syncthing";
+
        key =
          lib.mkDefault
            config.clanCore.secrets.syncthing.secrets."syncthing.key".path or null;
@ -82,8 +83,7 @@
        settings = {
          options = {
            urAccepted = -1;
-            # TODO:
-            # allowedNetworks = [];
+            allowedNetworks = [ config.clan.networking.zerotier.subnet ];
          };
          devices =
            { }