feat(nixos/forgejo): open firewall if enabled

2025-06-20 08:26:01 +08:00 · 2025-06-20 08:26:01 +08:00 · bfa119df31
commit bfa119df31
parent 70a787f89c
2 changed files with 3 additions and 1 deletions
--- a/modules/nixos/server/web-apps/forgejo/default.nix
+++ b/modules/nixos/server/web-apps/forgejo/default.nix
@ -1,6 +1,6 @@
 { config, lib, ... }:
 let
-  inherit (lib) singleton;
+  inherit (lib) singleton optional;
  inherit (lib.pantheon) mkPortOption;
  inherit (lib.pantheon.modules) mkWebApp;
  cfg = config.server.web-apps.forgejo;
@ -18,6 +18,7 @@ mkWebApp {
    sshPort = mkPortOption 2222;
  };
  extraConfig = {
+    networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.sshPort;
    services.forgejo = {
      enable = true;
      settings = {
--- a/systems/x86_64-linux/apollo/default.nix
+++ b/systems/x86_64-linux/apollo/default.nix
@ -34,6 +34,7 @@
      librechat.domain = "chat.bwfiq.com";
      forgejo.enable = true;
      forgejo.domain = "git.rrv.sh";
+      forgejo.openFirewall = true;
      glance.enable = true;
      glance.domain = "glance.bwfiq.com";
    };