Security: restrict RTL, Mempool ports to LAN-only; remove global firewall rules

Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/1110322d-bc41-4d5d-9a4c-e5f7a5d2ef57

Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com>
copilot-swe-agent[bot]
2026-04-05 14:29:09 +00:00
committed by GitHub
parent a3b34ef74b
commit 7c047a16b7
2 changed files with 2 additions and 3 deletions


@@ -156,7 +156,7 @@ EOF
# RTL (LAN access) # RTL (LAN access)
cat >> /run/caddy/Caddyfile <<EOF cat >> /run/caddy/Caddyfile <<EOF
:3051 { http://127.0.0.1:3051, http://sovransystemsos.local:3051 {
reverse_proxy :3050 reverse_proxy :3050
encode gzip zstd encode gzip zstd
} }
@@ -165,7 +165,7 @@ EOF
# Mempool (LAN access) # Mempool (LAN access)
cat >> /run/caddy/Caddyfile <<EOF cat >> /run/caddy/Caddyfile <<EOF
:60847 { http://127.0.0.1:60847, http://sovransystemsos.local:60847 {
reverse_proxy :60845 reverse_proxy :60845
encode gzip zstd encode gzip zstd
} }
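Review bot: The new site addresses `http://127.0.0.1:3051, http://sovransystemsos.local:3051` (and the same pattern on 60847 for Mempool) match only on the request's Host header, which the client chooses; unless a `bind` or `default_bind` is set outside the hunk, Caddy still listens on these ports on every interface, so this alone is not a LAN-only restriction. If the intent is to limit by network, add a source-address check inside each block, for example `@lan remote_ip private_ranges` with `reverse_proxy @lan :3050`, or `bind` the site to the LAN address. Clients that browse by the machine's IP address will no longer match either site. The other file in this commit drops 3051 and 60847 from `networking.firewall.allowedTCPPorts`, so unless a rule not shown on this page reopens them for the LAN interface, the `.local` site would be reachable only from the host itself. The heredoc's closing `EOF` lies outside the hunk.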


@@ -293,6 +293,5 @@ in
}; };
}; };
networking.firewall.allowedTCPPorts = [ 3051 8937 60847 ];
}; };
} }