authorSarah Brofeldt <sbrofeldt@gmail.com>2024-03-01 09:57:07 +0100
committerGitHub <noreply@github.com>2024-03-01 09:57:07 +0100
commit13a94ad1fb9b9a190c196cd3df4f03e38d638845 (patch)
tree5a8db6ecb6377ac2e60f731e7eb838abd914d244 /nixos
parentf4e2bf9f338e62c3cd7d60a9c42fcf2223dc8b6d (diff)
parentd31cbb78caf3513e43e758f85d509fa383887806 (diff)
Merge pull request #292291 from cafkafk/dockerRegistry-openFirewall
nixos/dockerRegistry: add `openFirewall` option
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/misc/docker-registry.nix10
-rw-r--r--nixos/tests/docker-registry.nix2
2 files changed, 11 insertions, 1 deletions
diff --git a/nixos/modules/services/misc/docker-registry.nix b/nixos/modules/services/misc/docker-registry.nix
index e8fbc05423d31..78d1d6339ed65 100644
--- a/nixos/modules/services/misc/docker-registry.nix
+++ b/nixos/modules/services/misc/docker-registry.nix
@@ -63,6 +63,12 @@ in {
       type = types.port;
     };
 
+    openFirewall = mkOption {
+      type = types.bool;
+      default = false;
+      description = lib.mdDoc "Opens the port used by the firewall.";
+    };
+
     storagePath = mkOption {
       type = types.nullOr types.path;
       default = "/var/lib/docker-registry";
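Review bot: The description on the new `openFirewall` option says "Opens the port used by the firewall", which names the wrong owner: the port belongs to the registry and is being opened in the firewall. Something like `description = lib.mdDoc "Whether to open the registry port (services.dockerRegistry.port) in the firewall.";` states what the switch does. Since enabling it makes the registry reachable from the network, the text could also say that access control on the registry should be configured first; whether this module sets any up by default is not visible in this hunk. The options set starts and ends outside the hunk.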
@@ -154,5 +160,9 @@ in {
         isSystemUser = true;
       };
     users.groups.docker-registry = {};
+
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ cfg.port ];
+    };
   };
 }
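Review bot: The added `networking.firewall` rule allows `cfg.port` on every interface, so with a non-loopback `listenAddress` (the test in this commit uses `0.0.0.0`) the registry API is reachable from every network the host is attached to. That is the conventional meaning of `openFirewall`, but a comment above the rule would make the scope explicit, e.g. `# Opens cfg.port on all interfaces; use networking.firewall.interfaces.<name>.allowedTCPPorts for narrower exposure.` As a style point, `networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];` expresses the same thing without the nested attribute set. The `config` block starts outside the hunk, so whether this rule sits under the module's enable guard cannot be confirmed from here.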
diff --git a/nixos/tests/docker-registry.nix b/nixos/tests/docker-registry.nix
index db20cb52c3e3a..3969ef3f0226f 100644
--- a/nixos/tests/docker-registry.nix
+++ b/nixos/tests/docker-registry.nix
@@ -13,7 +13,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
       services.dockerRegistry.port = 8080;
       services.dockerRegistry.listenAddress = "0.0.0.0";
       services.dockerRegistry.enableGarbageCollect = true;
-      networking.firewall.allowedTCPPorts = [ 8080 ];
+      services.dockerRegistry.openFirewall = true;
     };
 
     client1 = { ... }: {
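Review bot: The test now exercises only `openFirewall = true`; nothing checks that the default (`false`) leaves port 8080 closed. Because the option controls network exposure, a regression that opened the port unconditionally would still pass. A second registry node that leaves the option unset, plus a client-side assertion that the connection fails, would pin the closed-by-default behaviour. The node definition and the test script both continue outside this hunk.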