diff options
| author | Christina Sørensen <christina@cafkafk.com> | 2024-02-29 09:54:20 +0100 |
|---|---|---|
| committer | Christina Sørensen <christina@cafkafk.com> | 2024-03-01 09:56:03 +0100 |
| commit | d31cbb78caf3513e43e758f85d509fa383887806 (patch) | |
| tree | 5ef935f25ddcebb0112866b1da9b4fd64d6ca265 /nixos | |
| parent | fdfe8b3a0cb581dc2ba28258cb56fd7c9217d9c2 (diff) | |
nixos/dockerRegistry: add `openFirewall` option
Signed-off-by: Christina Sørensen <christina@cafkafk.com>
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/misc/docker-registry.nix | 10 | ||||
| -rw-r--r-- | nixos/tests/docker-registry.nix | 2 |
2 files changed, 11 insertions, 1 deletions
diff --git a/nixos/modules/services/misc/docker-registry.nix b/nixos/modules/services/misc/docker-registry.nix index e8fbc05423d31..78d1d6339ed65 100644 --- a/nixos/modules/services/misc/docker-registry.nix +++ b/nixos/modules/services/misc/docker-registry.nix @@ -63,6 +63,12 @@ in { type = types.port; }; + openFirewall = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Opens the port used by the firewall."; + }; + storagePath = mkOption { type = types.nullOr types.path; default = "/var/lib/docker-registry"; @@ -154,5 +160,9 @@ in { isSystemUser = true; }; users.groups.docker-registry = {}; + + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ cfg.port ]; + }; }; } diff --git a/nixos/tests/docker-registry.nix b/nixos/tests/docker-registry.nix index db20cb52c3e3a..3969ef3f0226f 100644 --- a/nixos/tests/docker-registry.nix +++ b/nixos/tests/docker-registry.nix @@ -13,7 +13,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { services.dockerRegistry.port = 8080; services.dockerRegistry.listenAddress = "0.0.0.0"; services.dockerRegistry.enableGarbageCollect = true; - networking.firewall.allowedTCPPorts = [ 8080 ]; + services.dockerRegistry.openFirewall = true; }; client1 = { ... }: { |