SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 19:51:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

meta/ports: Separate tcp and udp lists to avoid false conflicts

Browse source
This commit is contained in:
SebastianStork 2025-08-28 17:44:00 +02:00
parent b51d0d095d
commit e288bb2bf3
19 changed files with 61 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

26
modules/system/meta/ports.nix
View file

@ -10,7 +10,11 @@ let
in in
{ {
options.meta.ports = { options.meta.ports = {
list = lib.mkOption { tcp.list = lib.mkOption {
type = lib.types.listOf lib.types.port;
default = [ ];
};
udp.list = lib.mkOption {
type = lib.types.listOf lib.types.port; type = lib.types.listOf lib.types.port;
default = [ ]; default = [ ];
}; };
@ -20,8 +24,9 @@ in
config = lib.mkIf cfg.assertUnique { config = lib.mkIf cfg.assertUnique {
assertions = assertions =
let let
duplicatePorts = findDuplicatePorts =
options.meta.ports.list.definitionsWithLocations protocol:
options.meta.ports.${protocol}.list.definitionsWithLocations
|> lib.concatMap ( |> lib.concatMap (
entry: entry:
entry.value entry.value
@ -33,7 +38,8 @@ in
|> lib.groupBy (entry: builtins.toString entry.port) |> lib.groupBy (entry: builtins.toString entry.port)
|> lib.filterAttrs (_: entries: lib.length entries > 1); |> lib.filterAttrs (_: entries: lib.length entries > 1);
errorMessage = mkErrorMessage =
duplicatePorts:
duplicatePorts duplicatePorts
|> lib.mapAttrsToList ( |> lib.mapAttrsToList (
port: entries: port: entries:
@ -41,11 +47,19 @@ in
+ (entries |> lib.map (entry: " - ${entry.file}") |> lib.concatLines) + (entries |> lib.map (entry: " - ${entry.file}") |> lib.concatLines)
) )
|> lib.concatStrings; |> lib.concatStrings;
duplicateTcpPorts = findDuplicatePorts "tcp";
duplicateUdpPorts = findDuplicatePorts "udp";
in in
[ [
{ {
assertion = duplicatePorts == { }; assertion = duplicateTcpPorts == { };
message = errorMessage; message = mkErrorMessage duplicateTcpPorts;
}
{
assertion = duplicateUdpPorts == { };
message = mkErrorMessage duplicateUdpPorts;
} }
]; ];
}; };

4
modules/system/services/actualbudget.nix
View file

@ -12,14 +12,14 @@ in
}; };
port = lib.mkOption { port = lib.mkOption {
type = lib.types.port; type = lib.types.port;
default = 8888; default = 5006;
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = { meta = {
domains.list = [ cfg.domain ]; domains.list = [ cfg.domain ];
ports.list = [ cfg.port ]; ports.tcp.list = [ cfg.port ];
}; };
services.actual = { services.actual = {

2
modules/system/services/alloy.nix
View file

@ -18,7 +18,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = { meta = {
domains.list = [ cfg.domain ]; domains.list = [ cfg.domain ];
ports.list = [ cfg.port ]; ports.tcp.list = [ cfg.port ];
}; };
services.alloy = { services.alloy = {

2
modules/system/services/caddy.nix
View file

@ -81,7 +81,7 @@ in
config = lib.mkIf (virtualHosts != { }) ( config = lib.mkIf (virtualHosts != { }) (
lib.mkMerge [ lib.mkMerge [
{ {
meta.ports.list = lib.mkIf nonTailscaleHostsExist ports; meta.ports.tcp.list = lib.mkIf nonTailscaleHostsExist ports;
networking.firewall.allowedTCPPorts = lib.mkIf nonTailscaleHostsExist ports; networking.firewall.allowedTCPPorts = lib.mkIf nonTailscaleHostsExist ports;

2
modules/system/services/crowdsec/default.nix
View file

@ -36,7 +36,7 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta.ports.list = [ meta.ports.tcp.list = [
cfg.apiPort cfg.apiPort
cfg.prometheusPort cfg.prometheusPort
]; ];

2
modules/system/services/forgejo/default.nix
View file

@ -24,7 +24,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = { meta = {
domains.list = [ cfg.domain ]; domains.list = [ cfg.domain ];
ports.list = [ cfg.port ]; ports.tcp.list = [ cfg.port ];
}; };
sops.secrets."forgejo/admin-password".owner = config.users.users.forgejo.name; sops.secrets."forgejo/admin-password".owner = config.users.users.forgejo.name;

2
modules/system/services/forgejo/ssh.nix
View file

@ -12,7 +12,7 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta.ports.list = [ cfg.port ]; meta.ports.tcp.list = [ cfg.port ];
services.forgejo.settings.server.SSH_PORT = cfg.port; services.forgejo.settings.server.SSH_PORT = cfg.port;

2
modules/system/services/gatus.nix
View file

@ -75,7 +75,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = { meta = {
domains.list = [ cfg.domain ]; domains.list = [ cfg.domain ];
ports.list = [ cfg.port ]; ports.tcp.list = [ cfg.port ];
}; };
sops = { sops = {

2
modules/system/services/grafana.nix
View file

@ -18,7 +18,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = { meta = {
domains.list = [ cfg.domain ]; domains.list = [ cfg.domain ];
ports.list = [ cfg.port ]; ports.tcp.list = [ cfg.port ];
}; };
sops.secrets."grafana/admin-password".owner = config.users.users.grafana.name; sops.secrets."grafana/admin-password".owner = config.users.users.grafana.name;

2
modules/system/services/hedgedoc.nix
View file

@ -24,7 +24,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = { meta = {
domains.list = [ cfg.domain ]; domains.list = [ cfg.domain ];
ports.list = [ cfg.port ]; ports.tcp.list = [ cfg.port ];
}; };
sops = { sops = {

2
modules/system/services/it-tools.nix
View file

@ -23,7 +23,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = { meta = {
domains.list = [ cfg.domain ]; domains.list = [ cfg.domain ];
ports.list = [ cfg.port ]; ports.tcp.list = [ cfg.port ];
}; };
services.static-web-server = { services.static-web-server = {

5
modules/system/services/nextcloud/default.nix
View file

@ -27,7 +27,10 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = { meta = {
domains.list = [ cfg.domain ]; domains.list = [ cfg.domain ];
ports.list = [ cfg.port ]; ports = {
tcp.list = [ cfg.port ];
udp.list = [ config.services.postgresql.settings.port ];
};
}; };
sops.secrets."nextcloud/admin-password".owner = user; sops.secrets."nextcloud/admin-password".owner = user;

2
modules/system/services/ntfy.nix
View file

@ -18,7 +18,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = { meta = {
domains.list = [ cfg.domain ]; domains.list = [ cfg.domain ];
ports.list = [ cfg.port ]; ports.tcp.list = [ cfg.port ];
}; };
services.ntfy-sh = { services.ntfy-sh = {

2
modules/system/services/openspeedtest.nix
View file

@ -18,7 +18,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = { meta = {
domains.list = [ cfg.domain ]; domains.list = [ cfg.domain ];
ports.list = [ cfg.port ]; ports.tcp.list = [ cfg.port ];
}; };
virtualisation.oci-containers.containers.openspeedtest = { virtualisation.oci-containers.containers.openspeedtest = {

2
modules/system/services/radicale.nix
View file

@ -18,7 +18,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = { meta = {
domains.list = [ cfg.domain ]; domains.list = [ cfg.domain ];
ports.list = [ cfg.port ]; ports.tcp.list = [ cfg.port ];
}; };
sops = { sops = {

17
modules/system/services/resolved.nix
View file

@ -3,11 +3,18 @@
options.custom.services.resolved.enable = lib.mkEnableOption ""; options.custom.services.resolved.enable = lib.mkEnableOption "";
config = lib.mkIf config.custom.services.resolved.enable { config = lib.mkIf config.custom.services.resolved.enable {
meta.ports.list = [ meta.ports =
53 let
5353 ports = [
5355 53
]; 5353
5355
];
in
{
tcp.list = ports;
udp.list = ports;
};
services.resolved.enable = true; services.resolved.enable = true;
}; };

11
modules/system/services/syncthing.nix
View file

@ -49,10 +49,13 @@ in
meta = { meta = {
domains.list = lib.mkIf cfg.isServer [ cfg.gui.domain ]; domains.list = lib.mkIf cfg.isServer [ cfg.gui.domain ];
ports.list = [ ports = {
cfg.syncPort tcp.list = [
cfg.gui.port cfg.syncPort
]; cfg.gui.port
];
udp.list = [ cfg.syncPort ];
};
}; };
sops.secrets = lib.mkIf useStaticTls { sops.secrets = lib.mkIf useStaticTls {

4
modules/system/services/tailscale.nix
View file

@ -14,7 +14,9 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta.ports.list = [ config.services.tailscale.port ]; meta.ports.udp.list = lib.mkIf config.services.tailscale.openFirewall [
config.services.tailscale.port
];
sops.secrets."tailscale/auth-key" = { }; sops.secrets."tailscale/auth-key" = { };

2
modules/system/services/victorialogs.nix
View file

@ -27,7 +27,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = { meta = {
domains.list = [ cfg.domain ]; domains.list = [ cfg.domain ];
ports.list = [ cfg.port ]; ports.tcp.list = [ cfg.port ];
}; };
services.victorialogs = { services.victorialogs = {