commit ce0954020c71007b7a9ec2822949d31f18aea170

pyrox.dev / nixpkgs

lol

nixos/taskserver: Set allowedTCPPorts accordingly

As suggested by @matthiasbeyer:

"We might add a short note that this port has to be opened in the
firewall, or is this done by the service automatically?"

This commit now adds the listenPort to
networking.firewall.allowedTCPPorts as soon as the listenHost is not
"localhost".

In addition to that, this is now also documented in the listenHost
option declaration and I have removed disabling of the firewall from the
VM test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>

aszlig 9 years ago ce095402 5be76d0b

+8 -2

2 changed files

expand all

unified split

nixos

modules

services

misc

taskserver

default.nix

tests

taskserver.nix

nixos/modules/services/misc/taskserver/default.nix

··· 324 listenHost = mkOption { 325 type = types.str; 326 default = "localhost"; 327 description = '' 328 The address (IPv4, IPv6 or DNS) to listen on. 329 ''; 330 }; 331 ··· 518 chmod go+x "${cfg.dataDir}/keys" 519 ''; 520 }; 521 }) 522 { meta.doc = ./taskserver.xml; } 523 ];

··· 324 listenHost = mkOption { 325 type = types.str; 326 default = "localhost"; 327 + example = "::"; 328 description = '' 329 The address (IPv4, IPv6 or DNS) to listen on. 330 + 331 + If the value is something else than <literal>localhost</literal> the 332 + port defined by <option>listenPort</option> is automatically added to 333 + <option>networking.firewall.allowedTCPPorts</option>. 334 ''; 335 }; 336 ··· 523 chmod go+x "${cfg.dataDir}/keys" 524 ''; 525 }; 526 + }) 527 + (mkIf (cfg.listenHost != "localhost") { 528 + networking.firewall.allowedTCPPorts = [ cfg.listenPort ]; 529 }) 530 { meta.doc = ./taskserver.xml; } 531 ];

-2

nixos/tests/taskserver.nix

··· 3 4 nodes = rec { 5 server = { 6 - networking.firewall.enable = false; 7 services.taskserver.enable = true; 8 services.taskserver.listenHost = "::"; 9 services.taskserver.fqdn = "server"; ··· 14 }; 15 16 client1 = { pkgs, ... }: { 17 - networking.firewall.enable = false; 18 environment.systemPackages = [ pkgs.taskwarrior pkgs.gnutls ]; 19 users.users.alice.isNormalUser = true; 20 users.users.bob.isNormalUser = true;

··· 3 4 nodes = rec { 5 server = { 6 services.taskserver.enable = true; 7 services.taskserver.listenHost = "::"; 8 services.taskserver.fqdn = "server"; ··· 13 }; 14 15 client1 = { pkgs, ... }: { 16 environment.systemPackages = [ pkgs.taskwarrior pkgs.gnutls ]; 17 users.users.alice.isNormalUser = true; 18 users.users.bob.isNormalUser = true;