Nixops - how to configure network

I am trying to learn how to use nixops. I am testing the 1.7 manual description, slightly modified.

  network.description = "valgrind documentation";

  valdoc =
    { config, pkgs, ... }:
      services.httpd.enable = true;
      services.httpd.adminAddr = "";
      #services.httpd.documentRoot = "${pkgs.valgrind.doc}/share/doc/valgrind/html";
      services.httpd.virtualHosts."valgrind-docs" = {
        documentRoot = "${pkgs.valgrind.doc}/share/doc/valgrind/html";
      networking.firewall.allowedTCPPorts = [ 80 ];

Is opening of tcp port 80, also necessary on my host? Or will nixops take care of that?

Also, it seems I am able to reach the webserver from host machine directly, but if I try from another machine, I am not able to reach it (I have opened port 80 also on the host). Do I need to configure the vbox network in addition to nixops?

Last question, am I able to deploy a vm on a different machine using nixops? leaving the host machine for that vm, not knowing about anything related to nixops?

Seems you can use the vmFlags to specify port forwarding to the vbox network:

deployment.virtualbox.vmFlags = [
        "--natpf1" "ssh,tcp,,3322,,22"
        "--natpf1" "http,tcp,,3380,,80"
        "--natpf1" "https,tcp,,3343,,443"


The only caveat, is that you can not do forwarding of ports below 1024. With webservices, you would need to run a proxy on the host. Not sure this will work for all kind of services though … Maybe iptables is the best way to solve this?

This works sort of, but using virtualbox, you have to use the dhcp service of the virtual network. That is not working if there are services needing a static ip address in their configuration.