From 288a7ace2fe9efd0165bd6f11e6a24d2969f54ac Mon Sep 17 00:00:00 2001
From: chn <chn@chn.moe>
Date: Mon, 7 Aug 2023 21:30:05 +0800
Subject: [PATCH] fix frp tls cert

---
 modules/services/default.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/modules/services/default.nix b/modules/services/default.nix
index 9b204d66..e1d946af 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -529,8 +529,8 @@ inputs:
 									bind_port = 7000;
 									bind_udp_port = 7000;
 									token = inputs.config.sops.placeholder."frp/token";
-									tls_cert_file = "${cert}/fullchain.pem";
-									tls_key_file = "${cert}/privkey.pem";
+									tls_cert_file = "${cert}/full.pem";
+									tls_key_file = "${cert}/key.pem";
 									tls_only = true;
 									user_conn_timeout = 30;
 								};
@@ -541,6 +541,7 @@ inputs:
 					nixos.services.acme = { enable = true; certs = [ services.frpServer.serverName ]; };
 					security.acme.certs.${services.frpServer.serverName}.group = "frp";
 					users = { users.frp = { isSystemUser = true; group = "frp"; }; groups.frp = {}; };
+					networking.firewall.allowedTCPPorts = [ 7000 ];
 				}
 			)
 		];