From d31cbb78caf3513e43e758f85d509fa383887806 Mon Sep 17 00:00:00 2001
From: Christina Sørensen
Date: Thu, 29 Feb 2024 09:54:20 +0100
Subject: nixos/dockerRegistry: add `openFirewall` option
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christina Sørensen
---
 nixos/modules/services/misc/docker-registry.nix | 10 ++++++++++
 nixos/tests/docker-registry.nix | 2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)
(limited to 'nixos')
diff --git a/nixos/modules/services/misc/docker-registry.nix b/nixos/modules/services/misc/docker-registry.nix
index e8fbc05423d31..78d1d6339ed65 100644
--- a/nixos/modules/services/misc/docker-registry.nix
+++ b/nixos/modules/services/misc/docker-registry.nix
@@ -63,6 +63,12 @@ in {
 type = types.port;
 };

+ openFirewall = mkOption {
+ type = types.bool;
+ default = false;
+ description = lib.mdDoc "Opens the port used by the firewall.";
+ };
+
 storagePath = mkOption {
 type = types.nullOr types.path;
 default = "/var/lib/docker-registry";
@@ -154,5 +160,9 @@ in {
 isSystemUser = true;
 };
 users.groups.docker-registry = {};
+
+ networking.firewall = mkIf cfg.openFirewall {
+ allowedTCPPorts = [ cfg.port ];
+ };
 };
 }
diff --git a/nixos/tests/docker-registry.nix b/nixos/tests/docker-registry.nix
index db20cb52c3e3a..3969ef3f0226f 100644
--- a/nixos/tests/docker-registry.nix
+++ b/nixos/tests/docker-registry.nix
@@ -13,7 +13,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
 services.dockerRegistry.port = 8080;
 services.dockerRegistry.listenAddress = "0.0.0.0";
 services.dockerRegistry.enableGarbageCollect = true;
- networking.firewall.allowedTCPPorts = [ 8080 ];
+ services.dockerRegistry.openFirewall = true;
 };

 client1 = { ... }: {
-- cgit 1.4.1
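Review bot: The `description` of `openFirewall` in the first hunk of nixos/modules/services/misc/docker-registry.nix reads "Opens the port used by the firewall.", which says the firewall uses the port rather than that the registry's port is opened in it. A wording such as `description = lib.mdDoc "Whether to open the registry port (TCP) in the firewall.";` states what the switch does. Because enabling it makes the registry reachable from other hosts, the text could also point the reader at configuring authentication and TLS first; no such setting is visible in this diff, so whether the module offers one has to be checked against the rest of the file. The option set this definition belongs to starts outside the hunk.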
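Review bot: `allowedTCPPorts = [ cfg.port ];` in the second hunk of the module opens the port on every interface, independent of the address the registry binds to; the test file in this commit sets `services.dockerRegistry.listenAddress`, so a separate bind-address option exists. With a loopback listen address the rule has no effect, and with a routable one it is the only thing between the registry and the network, so the relationship deserves a comment above the assignment, for example `# opens cfg.port on all interfaces; reachability still depends on cfg.listenAddress`. If exposure should be limited to particular interfaces, that would need `networking.firewall.interfaces.<name>.allowedTCPPorts` set by the user instead of this switch, which the option description could mention. The enclosing `config` block starts outside the hunk.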
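Review bot: With `services.dockerRegistry.openFirewall = true;` replacing the explicit firewall rule, the hunk in nixos/tests/docker-registry.nix exercises only the enabled case; nothing visible here checks that port 8080 stays closed when the option keeps its default of `false`. That default is what keeps a registry from being exposed unintentionally, so a second registry node without `openFirewall` plus a client-side check that the connection is refused would pin it. The node definition and the test script lie outside the hunk, so an existing check of that kind cannot be ruled out from here.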