tangled.org
close #269
-8
nix/modules/knot.nix
-8
nix/modules/knot.nix
···
32
32
description = "User that hosts git repos and performs git operations";
33
33
};
34
34
35
-
openFirewall = mkOption {
36
-
type = types.bool;
37
-
default = true;
38
-
description = "Open port 22 in the firewall for ssh";
39
-
};
40
-
41
35
stateDir = mkOption {
42
36
type = types.path;
43
37
default = "/home/${cfg.gitUser}";
···
205
199
Restart = "always";
206
200
};
207
201
};
208
-
209
-
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [22];
210
202
};
211
203
}
History
3 rounds
4 comments
boltless.me
submitted
#2
1 commit
expand
collapse
nix/modules/knot: remove firewall settings
firewall should be handled by users. this change will allow setting
non-22 ssh ports
Close: #269
Signed-off-by: Seongmin Lee <git@boltless.me>
3/3 success
expand
collapse
expand 4 comments
Well.. it is, but as ssh ports are also configurable and the firewall should follow the correct configured ssh ports, I think removing the firewall settings will make things simpler. Users can configure there networks by their own.
this is pretty common practice in nixpkgs.
ok I'm closing this. the description explicitly states it opens hard-coded port 22, so I think it's fine to leave it not following config.services.openssh.posts.
closed without merging
boltless.me
submitted
#1
1 commit
expand
collapse
nix/modules/knot: remove firewall settings
firewall should be handled by users. this change will allow setting
non-22 ssh ports
Close: #269
Signed-off-by: Seongmin Lee <git@boltless.me>
3/3 success
expand
collapse
expand 0 comments
boltless.me
submitted
#0
1 commit
expand
collapse
nix/modules/knot: make ssh ports configurable
Close: #269
Signed-off-by: Seongmin Lee <git@boltless.me>
if
openFirewallis not set totrue, this is already configurable is it not?