improve allow-peer sg to only allows relays that actually connect
jbgi committed Jul 31, 2020
1 parent e6e87b0 commit dbc8296
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions physical/aws/security-groups/allow-peers.nix
Expand Up @@ -3,9 +3,11 @@ with lib;
let
inherit (pkgs.globals) cardanoNodePort topology maxPrivilegedRelays;
inherit (topology) coreNodes relayNodes byronProxies;
concernedCoreNodes = map (c: c.name) (filter (c: c.region == region && c.org == org) coreNodes);
privateRelayNodes = topology.privateRelayNodes or [];
privilegedRelays = lib.take maxPrivilegedRelays relayNodes;
peers = map (n: n.name) (builtins.concatLists [ coreNodes privateRelayNodes privilegedRelays byronProxies ])
concernedRelays = filter (r: any (p: builtins.elem p concernedCoreNodes) r.producers) (privateRelayNodes ++ relayNodes);
privilegedRelays = lib.take maxPrivilegedRelays concernedRelays;
peers = map (n: n.name) (builtins.concatLists [ coreNodes privilegedRelays byronProxies ])
# Allow explorer to connect directly to core nodes if there is no relay nodes.
++ (lib.optional (nodes ? explorer && relayNodes == []) "explorer");
in
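Review bot: The new `privilegedRelays = lib.take maxPrivilegedRelays concernedRelays;` applies the cap to private relays as well, whereas the replaced `peers` line listed `privateRelayNodes` unconditionally, so a relay beyond the cap that names a concerned core node in `producers` is silently left out of the security group and cannot connect. Because `privateRelayNodes` comes first in the concatenation, list order alone decides which relays are dropped. If the cap is never expected to be hit, make that explicit with `privilegedRelays = assert length concernedRelays <= maxPrivilegedRelays; concernedRelays;`; otherwise add a comment such as `# private relays first; relays past maxPrivilegedRelays are not admitted`. Separately, `builtins.elem p concernedCoreNodes` matches only when entries of `r.producers` are plain node names, so it is worth confirming that no topology uses attribute-set producers, which would be filtered out. The `let` block starts before this hunk and its body continues after it.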
