diff --git a/custom-utils/default.nix b/custom-utils/default.nix index 101f08c..9bc4a53 100644 --- a/custom-utils/default.nix +++ b/custom-utils/default.nix @@ -1,33 +1,5 @@ { lib, ... }: -let - filterPort = pm: port: ( - lib.attrsets.catAttrs port ( - lib.attrsets.attrValues ( - lib.attrsets.filterAttrs (_: v: v ? "${port}") pm - ) - ) - ); - onlyUniqueItemsInList = x: lib.lists.length x == lib.lists.length (lib.lists.unique x); - protocols = x: lib.lists.unique (lib.flatten (map builtins.attrNames (lib.attrValues x))); - mkRange = x: lib.lists.range (builtins.elemAt x 0) (builtins.elemAt x 1); - validateList = allowed: builtins.all (x: builtins.elem x allowed); -in { - validatePortAttrset = portmap: - if ! onlyUniqueItemsInList (lib.flatten (map - (x: - if lib.isInt x then x - else if lib.isList x then x - else if lib.isAttrs x then - ( - if ! validateList [ "range" ] (builtins.attrNames x) then builtins.abort "found invalid attribute name" - else if x ? "range" then if lib.lists.length x.range == 2 then mkRange x.range else builtins.abort "range needs a list with exactly two items" - else builtins.abort "found invalid attrset" - ) - else builtins.abort "found invalid entry in portmap" - ) - (filterPort portmap "udp"))) then builtins.abort "Found duplicate ports." - else if ! validateList [ "tcp" "udp" ] (protocols portmap) then builtins.abort "Found invalid protocol." - else portmap; + validatePortAttrset = import ./ports.nix { inherit lib; }; } diff --git a/custom-utils/ports.nix b/custom-utils/ports.nix index 101f08c..a8d1a54 100644 --- a/custom-utils/ports.nix +++ b/custom-utils/ports.nix 
@@ -9,25 +9,25 @@ let ) ); onlyUniqueItemsInList = x: lib.lists.length x == lib.lists.length (lib.lists.unique x); - protocols = x: lib.lists.unique (lib.flatten (map builtins.attrNames (lib.attrValues x))); - mkRange = x: lib.lists.range (builtins.elemAt x 0) (builtins.elemAt x 1); - validateList = allowed: builtins.all (x: builtins.elem x allowed); + mkRange = { from, to }: (lib.lists.range from to); in -{ - validatePortAttrset = portmap: - if ! onlyUniqueItemsInList (lib.flatten (map - (x: - if lib.isInt x then x - else if lib.isList x then x - else if lib.isAttrs x then - ( - if ! validateList [ "range" ] (builtins.attrNames x) then builtins.abort "found invalid attribute name" - else if x ? "range" then if lib.lists.length x.range == 2 then mkRange x.range else builtins.abort "range needs a list with exactly two items" - else builtins.abort "found invalid attrset" - ) - else builtins.abort "found invalid entry in portmap" - ) - (filterPort portmap "udp"))) then builtins.abort "Found duplicate ports." - else if ! validateList [ "tcp" "udp" ] (protocols portmap) then builtins.abort "Found invalid protocol." - else portmap; -} +portmap: +if builtins.all + ( + proto: + if onlyUniqueItemsInList + ( + lib.flatten ( + map + (x: + if lib.isInt x then x + else if lib.isList x then x + else if lib.isAttrs x then mkRange x + else builtins.abort "found invalid entry in portmap" + ) + (filterPort portmap proto) + ) + ) then true else builtins.abort "Found duplicate ${proto} ports." + ) [ "tcp" "udp" ] +then portmap +else builtins.abort "Found duplicate ports." diff --git a/hosts/aluminium/configuration.nix b/hosts/aluminium/configuration.nix index 43c1b5d..fabaecc 100644 --- a/hosts/aluminium/configuration.nix +++ b/hosts/aluminium/configuration.nix @@ -5,6 +5,7 @@ ./hardware-configuration.nix ../../users/jalr ./services + ./ports.nix ]; services.openssh.enable = true; diff --git a/hosts/aluminium/ports.nix b/hosts/aluminium/ports.nix index f07e09d..f83f360 100644 
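Review bot: `mkRange` passes `from`/`to` straight to `lib.lists.range`, which returns an empty list when `from` is greater than `to`, so a reversed range adds no ports to the uniqueness check and passes validation unnoticed. Reject it explicitly, e.g. `mkRange = { from, to }: if from <= to then lib.lists.range from to else builtins.abort "port range: from must not exceed to";`. The rewrite also drops the old "Found invalid protocol." check, so this function now ignores keys other than `tcp`/`udp`. That check is presumably left to the option type in modules/networking/ports.nix, which is worth stating in a comment above `portmap:`. The outer `else builtins.abort "Found duplicate ports."` is unreachable because the inner lambda either returns `true` or aborts; the `let` block, including `filterPort`, starts above the hunk.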
--- a/hosts/aluminium/ports.nix +++ b/hosts/aluminium/ports.nix @@ -1,14 +1,16 @@ { custom-utils, ... }: -custom-utils.validatePortAttrset { - asterisk-rtp = { udp.range = [ 10000 10200 ]; }; - doorbell-audiosocket.tcp = 9092; - doorbell-webrtc-ice.tcp = 8189; - doorbell-webrtc.tcp = 8889; - esphome.tcp = 6052; - home-assistant.tcp = 8123; - nginx-http.tcp = 80; - nginx-https.tcp = 443; - unifi-inform.tcp = 8080; - unifi-ui.tcp = 8443; +{ + config.networking.ports = custom-utils.validatePortAttrset { + asterisk-rtp.udp = { from = 10000; to = 10200; }; + doorbell-audiosocket.tcp = 9092; + doorbell-webrtc-ice.tcp = 8189; + doorbell-webrtc.tcp = 8889; + esphome.tcp = 6052; + home-assistant.tcp = 8123; + nginx-http.tcp = 80; + nginx-https.tcp = 443; + unifi-inform.tcp = 8080; + unifi-ui.tcp = 8443; + }; } diff --git a/hosts/aluminium/services/asterisk/default.nix b/hosts/aluminium/services/asterisk/default.nix index 1fe50cb..88eee25 100644 --- a/hosts/aluminium/services/asterisk/default.nix +++ b/hosts/aluminium/services/asterisk/default.nix @@ -1,16 +1,12 @@ -args@{ config, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: let - ports = import ../../ports.nix args; + inherit (config.networking) ports; secretConfigFiles = [ "ari" "pjsip" "voicemail" ]; - rtp = { - start = builtins.elemAt ports.asterisk-rtp.udp.range 0; - end = builtins.elemAt ports.asterisk-rtp.udp.range 1; - }; voicemail-sounds = pkgs.callPackage ./voicemail-sounds { }; in { @@ -142,8 +138,8 @@ in ''; "rtp.conf" = '' [general] - rtpstart=${toString rtp.start} - rtpend=${toString rtp.end} + rtpstart=${toString ports.asterisk-rtp.udp.from} + rtpend=${toString ports.asterisk-rtp.udp.to} ''; "dnsmgr.conf" = '' [general] 
@@ -167,12 +163,7 @@ in (lib.listToAttrs (map (name: lib.nameValuePair name { }) secretConfigFiles)); networking.firewall = { - allowedUDPPortRanges = [ - { - from = rtp.start; - to = rtp.end; - } - ]; + allowedUDPPortRanges = lib.singleton ports.asterisk-rtp.udp; interfaces.voice = { allowedTCPPorts = [ 5060 ]; allowedUDPPorts = [ 5060 ]; diff --git a/hosts/aluminium/services/doorbell.nix b/hosts/aluminium/services/doorbell.nix index 7d2f45d..9d8c5af 100644 --- a/hosts/aluminium/services/doorbell.nix +++ b/hosts/aluminium/services/doorbell.nix @@ -1,7 +1,7 @@ -args@{ config, ... }: +{ config, ... }: let - ports = import ../ports.nix args; + inherit (config.networking) ports; in { sops.secrets.myintercom-doorbell-password = { diff --git a/hosts/aluminium/services/esphome/default.nix b/hosts/aluminium/services/esphome/default.nix index bf8f9bc..144bb06 100644 --- a/hosts/aluminium/services/esphome/default.nix +++ b/hosts/aluminium/services/esphome/default.nix @@ -1,6 +1,6 @@ -args@{ lib, pkgs, config, ... }: +{ lib, pkgs, config, ... }: let - ports = import ../../ports.nix args; + inherit (config.networking) ports; cfgdir = pkgs.stdenvNoCC.mkDerivation { name = "esphome-config"; src = ./devices; diff --git a/hosts/aluminium/services/home-assistant.nix b/hosts/aluminium/services/home-assistant.nix index bab9944..633b210 100644 --- a/hosts/aluminium/services/home-assistant.nix +++ b/hosts/aluminium/services/home-assistant.nix @@ -1,6 +1,6 @@ -args@{ pkgs, config, ... }: +{ pkgs, config, ... }: let - ports = import ../ports.nix args; + inherit (config.networking) ports; in { services.home-assistant = { diff --git a/hosts/aluminium/services/nginx.nix b/hosts/aluminium/services/nginx.nix index b2e020e..6eb78ee 100644 --- a/hosts/aluminium/services/nginx.nix +++ b/hosts/aluminium/services/nginx.nix @@ -1,7 +1,7 @@ -args: +{ config, ... }: let - ports = import ../ports.nix args; + inherit (config.networking) ports; in { services.nginx = { 
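Review bot: `allowedUDPPortRanges` sits at the top level of `networking.firewall`, so the RTP range is opened on every interface, while SIP port 5060 just below it is limited to `interfaces.voice`. If media is only expected on the voice interface, the range could move there as `interfaces.voice.allowedUDPPortRanges = lib.singleton ports.asterisk-rtp.udp;`. If the wider exposure is intended, a one-line comment saying so would help the next reader. The removed lines had the same scope, so the commit does not introduce this. The `networking.firewall` block continues past the end of the hunk.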
diff --git a/hosts/aluminium/services/unifi-controller.nix b/hosts/aluminium/services/unifi-controller.nix index deeae22..f5a70a9 100644 --- a/hosts/aluminium/services/unifi-controller.nix +++ b/hosts/aluminium/services/unifi-controller.nix @@ -1,7 +1,7 @@ -args@{ pkgs, ... }: +{ config, pkgs, ... }: let - ports = import ../ports.nix args; + inherit (config.networking) ports; in { services.unifi = { diff --git a/hosts/iron/configuration.nix b/hosts/iron/configuration.nix index 789aca1..3c47261 100644 --- a/hosts/iron/configuration.nix +++ b/hosts/iron/configuration.nix @@ -34,6 +34,7 @@ with lib; { imports = [ ../../users/jalr ./services + ./ports.nix ]; config = { system.stateVersion = "23.11"; diff --git a/hosts/iron/ports.nix b/hosts/iron/ports.nix index 9c3a7fc..679a355 100644 --- a/hosts/iron/ports.nix +++ b/hosts/iron/ports.nix 
@@ -1,28 +1,30 @@ { custom-utils, ... }: -custom-utils.validatePortAttrset { - calibre-server.tcp = 8081; - calibre-web.tcp = 8082; - esphome.tcp = 6052; - home-assistant.tcp = 8123; - jellyfin.tcp = 8096; - matrix-synapse.tcp = 8008; - mautrix-signal.tcp = 29319; - mautrix-whatsapp.tcp = 29318; - mqtt.tcp = 1883; - navidrome.tcp = 4533; - nginx-http.tcp = 80; - nginx-https.tcp = 443; - postfix-relay.tcp = 25; - postfix-submission.tcp = [ 465 ]; - qbittorrent-torrent.tcp = 59832; - qbittorrent-webui.tcp = 8099; - radicale.tcp = 5232; - rmfakecloud.tcp = 3000; - snapserver.tcp = 1704; - snapserverTcp.tcp = 1705; - snapserverHttp.tcp = 1780; - unifi-http.tcp = 8080; - unifi-https.tcp = 8443; - wireguard-public-ip-tunnel.udp = 51000; +{ + config.networking.ports = custom-utils.validatePortAttrset { + calibre-server.tcp = 8081; + calibre-web.tcp = 8082; + esphome.tcp = 6052; + home-assistant.tcp = 8123; + jellyfin.tcp = 8096; + matrix-synapse.tcp = 8008; + mautrix-signal.tcp = 29319; + mautrix-whatsapp.tcp = 29318; + mqtt.tcp = 1883; + navidrome.tcp = 4533; + nginx-http.tcp = 80; + nginx-https.tcp = 443; + postfix-relay.tcp = 25; + postfix-submission.tcp = 465; + qbittorrent-torrent.tcp = 59832; + qbittorrent-webui.tcp = 8099; + radicale.tcp = 5232; + rmfakecloud.tcp = 3000; + snapserver.tcp = 1704; + snapserverTcp.tcp = 1705; + snapserverHttp.tcp = 1780; + unifi-http.tcp = 8080; + unifi-https.tcp = 8443; + wireguard-public-ip-tunnel.udp = 51000; + }; } diff --git a/hosts/iron/services/calibre.nix b/hosts/iron/services/calibre.nix index 831cbce..90f0b83 100644 --- a/hosts/iron/services/calibre.nix +++ b/hosts/iron/services/calibre.nix @@ -1,6 +1,6 @@ -args@{ lib, config, ... }: +{ lib, config, ... }: let - ports = import ../ports.nix args; + inherit (config.networking) ports; in { sops.secrets.calibre-htpasswd = { diff --git a/hosts/iron/services/esphome/default.nix b/hosts/iron/services/esphome/default.nix index b49ec96..cf83681 100644 
--- a/hosts/iron/services/esphome/default.nix +++ b/hosts/iron/services/esphome/default.nix @@ -1,6 +1,6 @@ -args@{ lib, pkgs, config, ... }: +{ lib, pkgs, config, ... }: let - ports = import ../../ports.nix args; + inherit (config.networking) ports; cfgdir = pkgs.stdenvNoCC.mkDerivation { name = "esphome-config"; src = ./devices; diff --git a/hosts/iron/services/home-assistant.nix b/hosts/iron/services/home-assistant.nix index 8901256..fb520a9 100644 --- a/hosts/iron/services/home-assistant.nix +++ b/hosts/iron/services/home-assistant.nix @@ -1,6 +1,6 @@ -args@{ lib, pkgs, config, ... }: +{ lib, pkgs, config, ... }: let - ports = import ../ports.nix args; + inherit (config.networking) ports; interfaces = import ../interfaces.nix; domain = "hass.jalr.de"; in diff --git a/hosts/iron/services/jellyfin.nix b/hosts/iron/services/jellyfin.nix index 2f0230f..ad5e9a0 100644 --- a/hosts/iron/services/jellyfin.nix +++ b/hosts/iron/services/jellyfin.nix @@ -1,6 +1,6 @@ -args@{ lib, ... }: +{ config, lib, ... }: let - ports = import ../ports.nix args; + inherit (config.networking) ports; in { services.jellyfin = { diff --git a/hosts/iron/services/mail.nix b/hosts/iron/services/mail.nix index db2c2d2..c18aae9 100644 --- a/hosts/iron/services/mail.nix +++ b/hosts/iron/services/mail.nix @@ -1,7 +1,7 @@ -args: +{ config, ... }: let - ports = import ../ports.nix args; + inherit (config.networking) ports; in { #sops.secrets."domain_key_jalr.de" = { diff --git a/hosts/iron/services/matrix.nix b/hosts/iron/services/matrix.nix index 4f7dd3d..f325a9b 100644 --- a/hosts/iron/services/matrix.nix +++ b/hosts/iron/services/matrix.nix @@ -1,7 +1,7 @@ -args@{ config, pkgs, ... }: +{ config, pkgs, ... }: let - ports = import ../ports.nix args; + inherit (config.networking) ports; signalPhoneNumber = "+4915566437153"; signalUser = "jalr"; in diff --git a/hosts/iron/services/navidrome.nix b/hosts/iron/services/navidrome.nix index 054f38f..e36bef4 100644 --- a/hosts/iron/services/navidrome.nix 
+++ b/hosts/iron/services/navidrome.nix @@ -1,7 +1,7 @@ -args@{ config, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: let - ports = import ../ports.nix args; + inherit (config.networking) ports; settings = { # https://www.navidrome.org/docs/usage/configuration-options/#available-options Address = "127.0.0.1"; diff --git a/hosts/iron/services/nginx.nix b/hosts/iron/services/nginx.nix index b2e020e..6eb78ee 100644 --- a/hosts/iron/services/nginx.nix +++ b/hosts/iron/services/nginx.nix @@ -1,7 +1,7 @@ -args: +{ config, ... }: let - ports = import ../ports.nix args; + inherit (config.networking) ports; in { services.nginx = { diff --git a/hosts/iron/services/public-ip-tunnel.nix b/hosts/iron/services/public-ip-tunnel.nix index 67ee737..92d6f29 100644 --- a/hosts/iron/services/public-ip-tunnel.nix +++ b/hosts/iron/services/public-ip-tunnel.nix @@ -1,7 +1,7 @@ -args@{ config, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: let - ports = import ../ports.nix args; + inherit (config.networking) ports; listenPort = ports.wireguard-public-ip-tunnel.udp; remoteHost = "magnesium.jalr.de"; remotePort = 51000; diff --git a/hosts/iron/services/radicale.nix b/hosts/iron/services/radicale.nix index 7f327b6..f0aa757 100644 --- a/hosts/iron/services/radicale.nix +++ b/hosts/iron/services/radicale.nix @@ -1,7 +1,7 @@ -args@{ config, ... }: +{ config, ... }: let - ports = import ../ports.nix args; + inherit (config.networking) ports; in { sops.secrets.radicale-htpasswd = { diff --git a/hosts/iron/services/remarkable.nix b/hosts/iron/services/remarkable.nix index b3d6938..5080072 100644 --- a/hosts/iron/services/remarkable.nix +++ b/hosts/iron/services/remarkable.nix @@ -1,6 +1,6 @@ -args@{ lib, config, pkgs, ... }: +{ lib, config, pkgs, ... }: let - ports = import ../ports.nix args; + inherit (config.networking) ports; domain = "rmfakecloud.jalr.de"; cfg = config.services.rmfakecloud; mkEnvironment = settings: lib.strings.concatLines ( 
diff --git a/hosts/iron/services/snapcast/snapserver.nix b/hosts/iron/services/snapcast/snapserver.nix index 3aa31ff..0d44d04 100644 --- a/hosts/iron/services/snapcast/snapserver.nix +++ b/hosts/iron/services/snapcast/snapserver.nix @@ -1,6 +1,6 @@ -args@{ lib, pkgs, config, ... }: +{ lib, pkgs, config, ... }: let - ports = import ../../ports.nix args; + inherit (config.networking) ports; interfaces = import ../../interfaces.nix; in { diff --git a/hosts/iron/services/sturzbach.nix b/hosts/iron/services/sturzbach.nix index ce7cbe6..4f02a9a 100644 --- a/hosts/iron/services/sturzbach.nix +++ b/hosts/iron/services/sturzbach.nix @@ -1,7 +1,7 @@ -args: +{ config, ... }: let - ports = import ../ports.nix args; + inherit (config.networking) ports; in { jalr.qbittorrent = { diff --git a/hosts/iron/services/unifi-controller.nix b/hosts/iron/services/unifi-controller.nix index 841fdba..87144fa 100644 --- a/hosts/iron/services/unifi-controller.nix +++ b/hosts/iron/services/unifi-controller.nix @@ -1,7 +1,7 @@ -args@{ pkgs, ... }: +{ config, pkgs, ... }: let - ports = import ../ports.nix args; + inherit (config.networking) ports; interfaces = import ../interfaces.nix; in { diff --git a/hosts/iron/services/whatsapp.nix b/hosts/iron/services/whatsapp.nix index 6ef117c..19c2dae 100644 --- a/hosts/iron/services/whatsapp.nix +++ b/hosts/iron/services/whatsapp.nix @@ -1,7 +1,7 @@ -args@{ pkgs, ... }: +{ config, pkgs, ... }: let - ports = import ../ports.nix args; + inherit (config.networking) ports; shutdownAndroidVm = pkgs.writeShellScript "shutdown-android-vm" '' set -e export PATH=${pkgs.lib.makeBinPath [pkgs.libvirt pkgs.gnused pkgs.android-tools]} diff --git a/hosts/magnesium/ports.nix b/hosts/magnesium/ports.nix index 79e6a0b..52d3ddf 100644 --- a/hosts/magnesium/ports.nix +++ b/hosts/magnesium/ports.nix 
@@ -1,5 +1,7 @@ +{ custom-utils, ... }: + { - config.networking.ports = { + config.networking.ports = custom-utils.validatePortAttrset { coturn-cli.tcp = 5766; coturn-plain = { tcp = [ 3478 3479 ]; udp = [ 3478 3479 ]; }; coturn-relay.udp = { from = 49160; to = 49200; }; diff --git a/hosts/magnesium/services/coturn.nix b/hosts/magnesium/services/coturn.nix index e48af8b..d9e8447 100644 --- a/hosts/magnesium/services/coturn.nix +++ b/hosts/magnesium/services/coturn.nix @@ -3,7 +3,7 @@ let cfg = config.services.coturn; fqdn = "turn.jalr.de"; - ports = config.networking.ports; + inherit (config.networking) ports; in { sops.secrets.turn-static-auth-secret = { diff --git a/hosts/magnesium/services/forgejo.nix b/hosts/magnesium/services/forgejo.nix index 459e6e4..98ec795 100644 --- a/hosts/magnesium/services/forgejo.nix +++ b/hosts/magnesium/services/forgejo.nix @@ -2,7 +2,7 @@ let domain = "git.jalr.de"; cfg = config.services.forgejo; - ports = config.networking.ports; + inherit (config.networking) ports; in { sops.secrets.forgejo-mail = { diff --git a/hosts/magnesium/services/hedgedoc.nix b/hosts/magnesium/services/hedgedoc.nix index aa9f1f8..44db703 100644 --- a/hosts/magnesium/services/hedgedoc.nix +++ b/hosts/magnesium/services/hedgedoc.nix @@ -3,7 +3,7 @@ let domain = "pad.jalr.de"; cfg = config.services.hedgedoc; - ports = config.networking.ports; + inherit (config.networking) ports; in { sops.secrets.hedgedoc-session-secret = { diff --git a/hosts/magnesium/services/ntfy.nix b/hosts/magnesium/services/ntfy.nix index 17848fa..16f9129 100644 --- a/hosts/magnesium/services/ntfy.nix +++ b/hosts/magnesium/services/ntfy.nix @@ -3,7 +3,7 @@ let cfg = config.services.ntfy-sh; domain = "ntfy.jalr.de"; datadir = "/var/lib/ntfy-sh"; - ports = config.networking.ports; + inherit (config.networking) ports; in { # ntfy access --auth-file /var/lib/private/ntfy-sh/user.db '*' 'up*' write-only 
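Review bot: Validation depends on every host file remembering to wrap its attrset in `custom-utils.validatePortAttrset`; this hunk adds the call that magnesium lacked until now. Because the check runs on the literal in this file, `networking.ports` definitions merged in from other modules are not covered by it. Consider running it once on the merged value instead, for example through `apply` on the option in modules/networking/ports.nix, assuming `custom-utils` can be passed to that module as it is here. The attrset continues beyond the hunk.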
diff --git a/hosts/magnesium/services/public-ip-tunnel.nix b/hosts/magnesium/services/public-ip-tunnel.nix index 80a9800..f8fb289 100644 --- a/hosts/magnesium/services/public-ip-tunnel.nix +++ b/hosts/magnesium/services/public-ip-tunnel.nix @@ -3,7 +3,7 @@ let listenPort = ports.wireguard-public-ip-tunnel.udp; publicKey = "GCmQs7upvDYFueEfqD2yJkkOZg3K7YaGluWWzdjsyTo="; - ports = config.networking.ports; + inherit (config.networking) ports; in { sops.secrets = lib.listToAttrs (map diff --git a/hosts/magnesium/services/trilium.nix b/hosts/magnesium/services/trilium.nix index 964db27..c61c5cf 100644 --- a/hosts/magnesium/services/trilium.nix +++ b/hosts/magnesium/services/trilium.nix @@ -2,7 +2,7 @@ let domain = "notes.jalr.de"; - ports = config.networking.ports; + inherit (config.networking) ports; in { services.trilium-server = { diff --git a/hosts/magnesium/services/webserver.nix b/hosts/magnesium/services/webserver.nix index c0aa71f..a30a098 100644 --- a/hosts/magnesium/services/webserver.nix +++ b/hosts/magnesium/services/webserver.nix @@ -3,7 +3,7 @@ let domain = "jalr.de"; matrixDomain = "matrix.jalr.de"; - ports = config.networking.ports; + inherit (config.networking) ports; in { networking.firewall.allowedTCPPorts = [ ports.nginx-http.tcp ports.nginx-https.tcp ]; diff --git a/hosts/weinturm-pretix-prod/configuration.nix b/hosts/weinturm-pretix-prod/configuration.nix index 694dc1b..774ab83 100644 --- a/hosts/weinturm-pretix-prod/configuration.nix +++ b/hosts/weinturm-pretix-prod/configuration.nix @@ -3,6 +3,7 @@ ./hardware-configuration.nix ../../users/jalr ./services + ./ports.nix ]; networking.hostName = "weinturm-pretix-prod"; diff --git a/hosts/weinturm-pretix-prod/ports.nix b/hosts/weinturm-pretix-prod/ports.nix index cabfead..c41bae4 100644 --- a/hosts/weinturm-pretix-prod/ports.nix +++ b/hosts/weinturm-pretix-prod/ports.nix 
@@ -1,8 +1,10 @@ { custom-utils, ... }: -custom-utils.validatePortAttrset { - nginx-http.tcp = 80; - nginx-https.tcp = 443; - ports.postfix-relay.tcp = 25; - ports.postfix-submission.tcp = [ 465 ]; +{ + config.networking.ports = custom-utils.validatePortAttrset { + nginx-http.tcp = 80; + nginx-https.tcp = 443; + postfix-relay.tcp = 25; + postfix-submission.tcp = 465; + }; } diff --git a/hosts/weinturm-pretix-prod/services/pretix.nix b/hosts/weinturm-pretix-prod/services/pretix.nix index 174c68d..94fa3ab 100644 --- a/hosts/weinturm-pretix-prod/services/pretix.nix +++ b/hosts/weinturm-pretix-prod/services/pretix.nix @@ -1,8 +1,8 @@ -args@{ config, lib, ... }: +{ config, lib, ... }: let cfg = config.services.pretix; - ports = import ../ports.nix args; + inherit (config.networking) ports; domain = "tickets.weinturm-open-air.de"; extraDomains = [ "tickets.weinturm.jalr.de" diff --git a/modules/networking/ports.nix b/modules/networking/ports.nix index 74293ac..3e656aa 100644 --- a/modules/networking/ports.nix +++ b/modules/networking/ports.nix @@ -1,16 +1,16 @@ -{lib, ...}: +{ lib, ... }: { options.networking.ports = with lib; with lib.types; mkOption { type = attrsOf (types.submodule { options = { tcp = mkOption { - type = oneOf [ port (listOf port) (attrsOf port) (listOf (attrsOf lib.types.port)) ]; + type = oneOf [ port (listOf port) (attrsOf port) ]; description = "TCP ports"; default = [ ]; }; udp = mkOption { - type = oneOf [ port (listOf port) (attrsOf port) (listOf (attrsOf lib.types.port)) ]; + type = oneOf [ port (listOf port) (attrsOf port) ]; description = "UDP ports"; default = [ ]; };
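Review bot: The remaining `attrsOf port` alternative in the `tcp` and `udp` types accepts any attribute names, but the consumers in this commit need exactly `from` and `to`. Those consumers are `mkRange = { from, to }: …` in custom-utils/ports.nix and `lib.singleton ports.asterisk-rtp.udp` in the asterisk firewall rule. A misspelled or extra key therefore gets past the option type and only fails later in the validator, with a less helpful evaluation error. A submodule with two `port` options would put the range shape in the type itself, e.g. `submodule { options = { from = mkOption { type = port; }; to = mkOption { type = port; }; }; }` in place of `(attrsOf port)`. The `description` strings could also name the three accepted forms: a single port, a list of ports, or a `{ from, to }` range.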