forked from mirrors/nixpkgs
nixos/taskserver: Set allowedTCPPorts accordingly
As suggested by @matthiasbeyer: "We might add a short note that this port has to be opened in the firewall, or is this done by the service automatically?" This commit now adds the listenPort to networking.firewall.allowedTCPPorts as soon as the listenHost is not "localhost". In addition to that, this is now also documented in the listenHost option declaration and I have removed disabling of the firewall from the VM test. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This commit is contained in:
parent
5be76d0b55
commit
ce0954020c
|
@ -324,8 +324,13 @@ in {
|
|||
listenHost = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
example = "::";
|
||||
description = ''
|
||||
The address (IPv4, IPv6 or DNS) to listen on.
|
||||
|
||||
If the value is something else than <literal>localhost</literal> the
|
||||
port defined by <option>listenPort</option> is automatically added to
|
||||
<option>networking.firewall.allowedTCPPorts</option>.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -519,6 +524,9 @@ in {
|
|||
'';
|
||||
};
|
||||
})
|
||||
(mkIf (cfg.listenHost != "localhost") {
|
||||
networking.firewall.allowedTCPPorts = [ cfg.listenPort ];
|
||||
})
|
||||
{ meta.doc = ./taskserver.xml; }
|
||||
];
|
||||
}
|
||||
|
|
|
@ -3,7 +3,6 @@ import ./make-test.nix {
|
|||
|
||||
nodes = rec {
|
||||
server = {
|
||||
networking.firewall.enable = false;
|
||||
services.taskserver.enable = true;
|
||||
services.taskserver.listenHost = "::";
|
||||
services.taskserver.fqdn = "server";
|
||||
|
@ -14,7 +13,6 @@ import ./make-test.nix {
|
|||
};
|
||||
|
||||
client1 = { pkgs, ... }: {
|
||||
networking.firewall.enable = false;
|
||||
environment.systemPackages = [ pkgs.taskwarrior pkgs.gnutls ];
|
||||
users.users.alice.isNormalUser = true;
|
||||
users.users.bob.isNormalUser = true;
|
||||
|
|
Loading…
Reference in a new issue