3
0
Fork 0
forked from mirrors/nixpkgs

nixos/taskserver: Set allowedTCPPorts accordingly

As suggested by @matthiasbeyer:

"We might add a short note that this port has to be opened in the
firewall, or is this done by the service automatically?"

This commit now adds the listenPort to
networking.firewall.allowedTCPPorts as soon as the listenHost is not
"localhost".

In addition to that, this is now also documented in the listenHost
option declaration and I have removed disabling of the firewall from the
VM test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This commit is contained in:
aszlig 2016-04-12 05:13:04 +02:00
parent 5be76d0b55
commit ce0954020c
No known key found for this signature in database
GPG key ID: D0EBD0EC8C2DC961
2 changed files with 8 additions and 2 deletions

View file

@ -324,8 +324,13 @@ in {
listenHost = mkOption {
type = types.str;
default = "localhost";
example = "::";
description = ''
The address (IPv4, IPv6 or DNS) to listen on.
If the value is something else than <literal>localhost</literal> the
port defined by <option>listenPort</option> is automatically added to
<option>networking.firewall.allowedTCPPorts</option>.
'';
};
@ -519,6 +524,9 @@ in {
'';
};
})
(mkIf (cfg.listenHost != "localhost") {
networking.firewall.allowedTCPPorts = [ cfg.listenPort ];
})
{ meta.doc = ./taskserver.xml; }
];
}

View file

@ -3,7 +3,6 @@ import ./make-test.nix {
nodes = rec {
server = {
networking.firewall.enable = false;
services.taskserver.enable = true;
services.taskserver.listenHost = "::";
services.taskserver.fqdn = "server";
@ -14,7 +13,6 @@ import ./make-test.nix {
};
client1 = { pkgs, ... }: {
networking.firewall.enable = false;
environment.systemPackages = [ pkgs.taskwarrior pkgs.gnutls ];
users.users.alice.isNormalUser = true;
users.users.bob.isNormalUser = true;