From 12e1f8067b7e4938728397ab4505a9f340cc4124 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 13:23:06 -0600 Subject: [PATCH] added port forwards to services --- configurations/nixos/defiant/services.nix | 34 +------------------ modules/nixos-modules/server/pihole.nix | 7 +++- .../nixos-modules/server/reverse_proxy.nix | 7 ++++ 3 files changed, 14 insertions(+), 34 deletions(-) diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 73c7024..fdb0383 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -4,13 +4,7 @@ pkgs, inputs, ... -}: let - jellyfinPort = 8096; - dnsPort = 53; - httpPort = 80; - httpsPort = 443; - isDebug = false; -in { +}: { imports = []; options = { @@ -30,18 +24,6 @@ in { default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; }; }; - home-assistant = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that home-assistant will be hosted at"; - default = "${config.apps.home-assistant.subdomain}.${config.apps.base_domain}"; - }; - }; nextcloud = { subdomain = lib.mkOption { type = lib.types.str; @@ -135,20 +117,6 @@ in { }; }; - networking.firewall.allowedTCPPorts = - [ - httpPort - httpsPort - dnsPort - ] - ++ (lib.optional isDebug [ - jellyfinPort - config.services.headscale.port - config.services.forgejo.settings.server.HTTP_PORT - config.services.home-assistant.config.http.server_port - config.services.postgresql.settings.port - ]); - environment.systemPackages = [ config.services.headscale.package ]; diff --git a/modules/nixos-modules/server/pihole.nix b/modules/nixos-modules/server/pihole.nix index df86b97..6ec7628 100644 --- a/modules/nixos-modules/server/pihole.nix 
+++ b/modules/nixos-modules/server/pihole.nix @@ -3,7 +3,9 @@ config, inputs, ... -}: { +}: let + dnsPort = 53; +in { options.host.pihole = { enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; directory = lib.mkOption { @@ -80,6 +82,9 @@ }; }; }; + networking.firewall.allowedTCPPorts = [ + dnsPort + ]; } (lib.mkIf config.host.impermanence.enable { environment.persistence."/persist/system/root" = { diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index bd39d4c..12fe757 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -4,6 +4,8 @@ ... }: let dataDir = "/var/lib/acme"; + httpPort = 80; + httpsPort = 443; in { options.host.reverse_proxy = { enable = lib.mkEnableOption "turn on the reverse proxy"; @@ -54,6 +56,11 @@ in { }) config.host.reverse_proxy.subdomains; }; + + networking.firewall.allowedTCPPorts = [ + httpPort + httpsPort + ]; } (lib.mkIf config.host.impermanence.enable { # TODO: figure out how to write an assertion for this
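Review bot: The `host.pihole.enable` description shown as context in the `@@ -3,7 +3,9 @@` hunk still reads "should home-assistant be enabled on this computer", which looks copied from another module and will appear in the generated option docs for Pi-hole. Since this commit already touches the module header, it could be corrected to `enable = lib.mkEnableOption "should pihole be enabled on this computer";`. The rest of the options block lies outside the hunk, so other descriptions there may need the same check.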
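Review bot: Only TCP 53 is opened by the `networking.firewall.allowedTCPPorts` block added in the pihole.nix `@@ -80,6 +82,9 @@` hunk, but DNS clients query over UDP first. Unless the Pi-hole service publishes its port in a way that bypasses the NixOS firewall, lookups from other machines would be dropped, so add `networking.firewall.allowedUDPPorts = [ dnsPort ];` next to it. The rule also applies to every interface, so on a host with a public address the resolver becomes reachable from the internet; scoping it with `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts` (and the UDP equivalent) avoids running an open resolver. The attribute set holding this rule opens outside the hunk, so it is not visible whether it sits under `lib.mkIf config.host.pihole.enable`; if it does not, port 53 is opened on every host that imports the module. The same question applies to the 80/443 block added in the reverse_proxy.nix `@@ -54,6 +56,11 @@` hunk.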