pyrox.dev
nixos/taskserver: Set allowedTCPPorts accordingly
As suggested by @matthiasbeyer:
"We might add a short note that this port has to be opened in the
firewall, or is this done by the service automatically?"
This commit now adds the listenPort to
networking.firewall.allowedTCPPorts as soon as the listenHost is not
"localhost".
In addition to that, this is now also documented in the listenHost
option declaration and I have removed disabling of the firewall from the
VM test.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
+8
nixos/modules/services/misc/taskserver/default.nix
+8
nixos/modules/services/misc/taskserver/default.nix
···
324
324
listenHost = mkOption {
325
325
type = types.str;
326
326
default = "localhost";
327
+
example = "::";
327
328
description = ''
328
329
The address (IPv4, IPv6 or DNS) to listen on.
330
+
331
+
If the value is something else than <literal>localhost</literal> the
332
+
port defined by <option>listenPort</option> is automatically added to
333
+
<option>networking.firewall.allowedTCPPorts</option>.
329
334
'';
330
335
};
331
336
···
518
523
chmod go+x "${cfg.dataDir}/keys"
519
524
'';
520
525
};
526
+
})
527
+
(mkIf (cfg.listenHost != "localhost") {
528
+
networking.firewall.allowedTCPPorts = [ cfg.listenPort ];
521
529
})
522
530
{ meta.doc = ./taskserver.xml; }
523
531
];
-2
nixos/tests/taskserver.nix
-2
nixos/tests/taskserver.nix
···
3
3
4
4
nodes = rec {
5
5
server = {
6
-
networking.firewall.enable = false;
7
6
services.taskserver.enable = true;
8
7
services.taskserver.listenHost = "::";
9
8
services.taskserver.fqdn = "server";
···
14
13
};
15
14
16
15
client1 = { pkgs, ... }: {
17
-
networking.firewall.enable = false;
18
16
environment.systemPackages = [ pkgs.taskwarrior pkgs.gnutls ];
19
17
users.users.alice.isNormalUser = true;
20
18
users.users.bob.isNormalUser = true;