nixos/home-assistant: fix openFirewall

author: Robert Schütz <nix@dotlambda.de> 2022-05-03 00:16:03 +0000
committer: Robert Schütz <github@dotlambda.de> 2022-05-05 15:04:46 -0700
commit: ccf42c7987c00fa594bc64798dc28468003e2b37 (patch)
tree: cfcd16f954a7b80e7befa27e3319b7b4599497ba /nixos/modules/services/home-automation/home-assistant.nix
parent: 5ddae4097c18875b36119833467cdd8a30931815 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/nixos/modules/services/home-automation/home-assistant.nix b/nixos/modules/services/home-automation/home-assistant.nix
index 6022227f6ea88..e255e5d22188b 100644
--- a/nixos/modules/services/home-automation/home-assistant.nix
+++ b/nixos/modules/services/home-automation/home-assistant.nix
@@ -360,7 +360,14 @@ in {
   };
 
   config = mkIf cfg.enable {
-    networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
+    assertions = [
+      {
+        assertion = cfg.openFirewall -> !isNull cfg.config;
+        message = "openFirewall can only be used with a declarative config";
+      }
+    ];
+
+    networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.config.http.server_port ];
 
     systemd.services.home-assistant = {
       description = "Home Assistant";
author	Robert Schütz <nix@dotlambda.de>	2022-05-03 00:16:03 +0000
committer	Robert Schütz <github@dotlambda.de>	2022-05-05 15:04:46 -0700
commit	ccf42c7987c00fa594bc64798dc28468003e2b37 (patch)
tree	cfcd16f954a7b80e7befa27e3319b7b4599497ba /nixos/modules/services/home-automation/home-assistant.nix
parent	5ddae4097c18875b36119833467cdd8a30931815 (diff)