| author | Valentin <valentin@fricklerhandwerk.de> | 2025-11-06 15:41:26 +0100 |
|---|---|---|
| committer | Valentin <valentin@fricklerhandwerk.de> | 2025-11-06 16:46:28 +0100 |
| commit | 3ef375132b8e13fa7ec5a566f0ccfa27d8cda257 (patch) | |
| tree | 83cf15c68e9b5f5b63909048e80b06c588e6b276 | |
| parent | c298e9e2ec45ddfe64fca4ed62f948dc05cde219 (diff) | |
Vereinfachte Handhabung von Ports in der virtuellen Maschine
| -rw-r--r-- | machines.nix | 39 | ||||
| -rw-r--r-- | nextcloud.nix | 12 | ||||
| -rw-r--r-- | www/caddy.nix | 12 |
3 files changed, 48 insertions, 15 deletions
diff --git a/machines.nix b/machines.nix index 8f29ef0..1e7deab 100644 --- a/machines.nix +++ b/machines.nix @@ -102,6 +102,32 @@ in type = types.ints.positive; default = 10000; }; + virtualisation.exposedPorts = mkOption { + description = '' + In der virtuellen Maschine verwendete Ports + + Diese werden mit dem entsprechend angepassten Wert and den Host exponiert. + ''; + type = + with types; + attrsOf (submodule { + options = { + port = mkOption { + type = types.ints.positive; + }; + protocol = mkOption { + type = types.enum [ + "tcp" + "udp" + ]; + default = "tcp"; + }; + }; + }); + default = { + http.port = 800; + }; + }; }; config = { @@ -113,6 +139,19 @@ in }) config.networking.firewall.allowedTCPPorts; services.getty.autologinUser = lib.mkDefault "root"; + networking.firewall = + let + ports = + protocol: + lib.foldlAttrs ( + acc: _name: cfg: + if cfg.protocol == protocol then acc ++ [ cfg.port ] else acc + ) [ ] config.virtualisation.exposedPorts; + in + { + allowedTCPPorts = ports "tcp"; + allowedUDPPorts = ports "udp"; + }; }; }; }; diff --git a/nextcloud.nix b/nextcloud.nix index df89990..eedb507 100644 --- a/nextcloud.nix +++ b/nextcloud.nix @@ -79,13 +79,12 @@ { config, lib, ... }: let - httpPort = 900; nextcloud = config.services.nextcloud.hostName; in { services.nextcloud = { https = lib.mkForce false; - hostName = lib.mkForce "localhost"; + hostName = lib.mkForce "nextcloud.localhost"; }; systemd.tmpfiles.rules = [ 
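Review bot: The `port` sub-option of `virtualisation.exposedPorts` is typed `types.ints.positive`, which accepts values above 65535. Such an entry would presumably only be rejected further down, when it reaches the firewall port lists, with an error that points away from this option. `type = types.port;` keeps the value in the 16-bit range at the place where it is declared. Nothing visible in the hunk checks that `portOffset + port` still fits that range on the host side, so an `assertions` entry for the sum would be worth adding. Neither `port` nor `protocol` carries a `description`, and the surrounding `options` block starts outside the hunk.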
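Review bot: Entries declared with `protocol = "udp"` are opened in the guest firewall by `allowedUDPPorts = ports "udp";`, but the only forwarding expression visible in this hunk's context ends in `config.networking.firewall.allowedTCPPorts`, so UDP entries apparently never reach the host. The same context line suggests that the host-side forwards are derived from the whole TCP firewall list, which means any port another module opens in the guest would be exposed on the host as well, not only the ones named in `exposedPorts`. Building the forwards directly from `config.virtualisation.exposedPorts`, carrying `cfg.protocol` through, would limit exposure to what was declared and cover both protocols. The forwarding code itself starts outside the hunk, so this should be confirmed against the full file.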
@@ -94,14 +93,13 @@ ]; services.caddy.virtualHosts = { - "http://localhost:${toString httpPort}".extraConfig = + "http://${nextcloud}:${toString config.virtualisation.exposedPorts.http.port}".extraConfig = config.services.caddy.virtualHosts.${nextcloud}.extraConfig; }; - networking.firewall.allowedTCPPorts = [ - httpPort - ]; services.getty.helpLine = lib.mkBefore '' - Nextcloud: http://localhost:${toString (config.virtualisation.portOffset + httpPort)} + Nextcloud: http://${nextcloud}:${ + with config.virtualisation; toString (portOffset + exposedPorts.http.port) + } ''; }; }; diff --git a/www/caddy.nix b/www/caddy.nix index 2281464..8797204 100644 --- a/www/caddy.nix +++ b/www/caddy.nix @@ -44,25 +44,21 @@ in lib, ... }: - let - httpPort = 800; - in { services.caddy.globalConfig = '' local_certs ''; services.caddy.virtualHosts = { - "http://localhost:${toString httpPort}".extraConfig = + "http://www.localhost:${toString config.virtualisation.exposedPorts.http.port}".extraConfig = config.services.caddy.virtualHosts.${self.domain}.extraConfig; }; - networking.firewall.allowedTCPPorts = [ - httpPort - ]; systemd.services.caddy.path = [ pkgs.nssTools ]; # Irrelevante Warnung unterdrücken services.getty.helpLine = lib.mkBefore '' - ${self.domain}: http://localhost:${toString (config.virtualisation.portOffset + httpPort)} + ${self.domain}: http://www.localhost:${ + with config.virtualisation; toString (portOffset + exposedPorts.http.port) + } ''; }; }; |
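Review bot: The new virtual-host key and help line read `config.virtualisation.exposedPorts.http.port` unconditionally, but `http` exists only through the option's `default` in machines.nix. An option default is discarded as soon as any regular definition is made, so a machine that sets, for example, only `virtualisation.exposedPorts.dns` would fail evaluation here with a missing `http` attribute. The same access appears twice in the www/caddy.nix hunk. Defining the entry in the `config` section instead, as `virtualisation.exposedPorts.http.port = lib.mkDefault 800;`, lets it merge with additional entries while staying overridable.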
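Review bot: In the www/caddy.nix hunk the literal `www.localhost` is written out twice, once in the `services.caddy.virtualHosts` key and once in `services.getty.helpLine`, whereas nextcloud.nix takes the host name from a single `nextcloud` binding. The commit removes the `let` block that held `httpPort`; keeping a small one such as `let host = "www.localhost"; in` and interpolating `${host}` in both places would stop the listener and the printed URL from drifting apart. The module function's argument list begins outside the hunk.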
