Instead of defining allowedTCPPorts in one place, I’d like to add ports to it in multiple places in the configuration.nix file, so that I add ports next to services, so that it’s easier to read.
How can I append a port to allowedTCPPorts?
You can just set them, if they’re in separate modules, and the module system will take care of concatenating them for you.
In the same module (i.e. a single configuration.nix file) you’ll need to assemble the list from parts. This isn’t particularly simple, at least not in the way you might be thinking of from other languages, because of the way nix works (bindings aren’t mutable). There are ways to do it, but it ends up with more syntax that maybe obscures the intent.
So, the actual answer is maybe to think about structure more broadly, and:
services.* or programs.* modules that will enable the firewall for you, rather than just adding the package and manual config
@famadorian adding to the info of @uep, I for instance have split out most specific config items (e.g. services.) to one or more external nix files that are in configuration.nix’s imports = [ ... ]. In one such file that uses a module that doesn’t handle firewall ports, like services.nomad, I then put networking.firewall.interfaces."wg_nomad" = { allowedTCPPorts = [ ... ]; ... }; in there. Due to nix’s module attribute auto-merging behaviour, this should bring a convenient UX/DX:
configuration.nix
your firewall will automatically be adapted as well
Yeah, sorry, forgot to say thanks and mark it as solved, here; thanks again ;)
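Added example, not written by any poster in this thread: a single configuration.nix that keeps each firewall opening next to the service that needs it by wrapping the parts in lib.mkMerge, which is one form of the "more syntax" mentioned above. The choice of nginx and openssh and all port numbers are assumptions for illustration; the wg_nomad interface name is taken from the post above.

```nix
# configuration.nix (illustrative; services and port numbers are assumptions)
{ config, lib, pkgs, ... }:

{
  imports = [ ./hardware-configuration.nix ];

  # Each attribute set in the list is merged by the module system exactly as
  # if it lived in its own imported file. List-typed options such as
  # allowedTCPPorts are concatenated, so nothing is overwritten.
  config = lib.mkMerge [
    {
      # Baseline: firewall on, nothing opened here.
      networking.firewall.enable = true;
    }

    {
      # Web server: the module does not open ports itself, so the
      # opening is declared right beside it.
      services.nginx.enable = true;
      networking.firewall.allowedTCPPorts = [ 80 443 ];
    }

    {
      # SSH: the module opens its own port (services.openssh.openFirewall
      # defaults to true), so no manual entry is needed.
      services.openssh.enable = true;
    }

    {
      # Nomad: opened only on the WireGuard interface instead of globally,
      # which keeps the port unreachable from other networks.
      # 4646 is assumed here as the port to expose.
      services.nomad.enable = true;
      networking.firewall.interfaces."wg_nomad".allowedTCPPorts = [ 4646 ];
    }
  ];
}
```

On a non-flake system the merged result can be reviewed before switching with `nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.networking.firewall.allowedTCPPorts`, which shows every globally opened port in one list, including those contributed by service modules.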