NixOS port allocation

lajp · February 2, 2026, 4:32pm

Hi guys,

I wrote this small post about the system I use for allocating ports on NixOS. It makes port collisions an evaluation error, which is nice when running a system with a lot of web services behind nginx for example. Here’s the link to the post: NixOS port allocation , feel free to discuss below

LorenzBischof · February 3, 2026, 6:31pm

I also posted a blog post about a similar solution a while ago: Detect Port Conflicts in NixOS Services There are also a few posts about prior work in that thread. I think such a solution is very valuable. Thanks for sharing.

garamond · February 3, 2026, 11:14pm

Sweet article, will definitely be trying this out in my homelab in the near future

One think I’m interested in requesting/adding is explicitly calling out where the detected collision occurs. I guess I could search for the number in the repo but there’s a convenience to not requiring git grep imo

_Andrew · February 4, 2026, 6:05am

I’ve just been keeping these in a central list like ids.nix, static so modification of one service doesn’t trigger a restart of others.

{
  options.coordination.ports = mkOption { type = attrsOf int; };

  config.assertions = mapAttrsToList
    (p: ns: { assertion = false; message = "Conflicting allocations of port ${p}: ${concatStringsSep ", " ns}"; })
    (filterAttrs (_: ns: length ns > 1) (groupBy (n: toString ports.${n}) (attrNames ports)));

  config.coordination = {
    ports = {
      uptime-kuma = internal 1;
      prometheus = internal 2;
      grafana = internal 3;
      dokku = internal 4;
      blocky = internal 5;
      blocky-ui = internal 6;
      co2monitor = internal 7;
      busyserve = internal 8;
      change-detection = internal 9;
      webhook = internal 10;
      immich-public-proxy = internal 11;
      dawarich = internal 12;

      graphite = 2003;
      nfs-statd = 4000;
      nfs-lockd = 4001;
      nfs-mountd = 4002;
    };
  };
}

lajp · February 4, 2026, 8:39am

This is a great idea and something I also saw in the implementation shown in the earlier post by @LorenzBischof. I’ll definitely look into implementing something like this

lajp · February 4, 2026, 8:41am

This was one of the options I contemplated and definitely the more simple one. However, I specifically wanted the port allocation requests to live within the service module and not in a centralized place like this. Not having static allocations is a compromise I’m willing to make.

garamond · February 4, 2026, 9:18am

Happy to lend a hand as well, I’m quite busy this week but could take a look next if I’m not stepping on your toes with that

rnhmjoj · February 4, 2026, 9:50am

I think this is a great idea and should be an RFC. NixOS really needs a standard mechanism to track services and port allocations.

Besides detecting collisions, it would also allow to get an overview of everything that’s running on a given system and even generate a custom /etc/services (so tools like iftop -P and ss become actually readable).

borbitter · February 5, 2026, 9:08am

Made a small flake for exactly this purpose

This works with ipv4 adresses, macs and ports using the same mechanism to resolve errors.
The only two current problems are that acessing is sometimes quite cumbersome due to the deep nesting, and that when using multiple levels of nesting it is possible to overwrite values.

Documentation is sadly still lacking. To get a better grasp about how it works just look at the example.nix file

If you notice any problems feel free to open an issue