diff --git a/makefu/2configs/udpt.nix b/makefu/2configs/udpt.nix index 6d55ffaf8..922743bf1 100644 --- a/makefu/2configs/udpt.nix +++ b/makefu/2configs/udpt.nix @@ -1,6 +1,7 @@ {pkgs, ...}: let + daemon-port = 6969; cfgfile = pkgs.writeText "udpt-config" '' [db] driver=sqlite3 @@ -11,7 +12,9 @@ let port=6969 threads=5 allow_remotes=yes - allow_iana_ips=no + + # allow retiolum: + allow_iana_ips=yes announce_interval=1800 cleanup_interval=120 @@ -19,7 +22,7 @@ let enable=yes [logging] - filename=- + filename=/tmp/udpt.log level=warning ''; in { @@ -27,5 +30,8 @@ in { enable = true; inherit cfgfile; }; + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p udp --dport ${toString daemon-port} -j ACCEPT + ''; } diff --git a/makefu/3modules/udpt.nix b/makefu/3modules/udpt.nix index 2086bd540..59602e4a9 100644 --- a/makefu/3modules/udpt.nix +++ b/makefu/3modules/udpt.nix @@ -40,8 +40,9 @@ let restartIfChanged = true; serviceConfig = { Type = "simple"; - ExecStart = "${cfg.package}/bin/udpt -c ${shell.escape cfg.cfgfile}"; + ExecStart = "${cfg.package}/bin/udpt -i -c ${shell.escape cfg.cfgfile}"; PrivateTmp = true; + WorkingDirectory = "/tmp"; User = "${cfg.user}"; }; };