containers

modules/nixos/services/actual/default.nix

@@ -65,19 +65,6 @@ let
           };
         };
       };
-
-      networking = {
-        firewall = {
-          enable = true;
-          allowedTCPPorts = [ cfg.port ];
-        };
-        # Use systemd-resolved inside the container
-        # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
-        useHostResolvConf = lib.mkForce false;
-      };
-
-      services.resolved.enable = true;
-      system.stateVersion = "23.11";
     };
 
   bindMounts = {
@@ -99,7 +86,7 @@ let
     (lib.${namespace}.mkContainer {
       name = "actual";
       localAddress = cfg.localAddress;
-      port = cfg.port;
+      ports = [ cfg.port ];
       bindMounts = bindMounts;
       config = actualConfig;
     })

modules/nixos/services/gitea/default.nix

@@ -14,7 +14,7 @@ let
   metricsTokenFile = config.sops.secrets."jallen-nas/gitea/metrics-key".path;
 
   serviceConfig =
-    { lib, ... }:
+    { ... }:
     {
       services.gitea = {
         enable = true;
@@ -48,19 +48,6 @@ let
         extraGroups = [ "keys" ];
       };
 
-      networking = {
-        firewall = {
-          enable = true;
-          allowedTCPPorts = [
-            cfg.httpPort
-            cfg.sshPort
-          ];
-        };
-        # Use systemd-resolved inside the container
-        # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
-        useHostResolvConf = lib.mkForce false;
-      };
-
       # Create and set permissions for required directories
       system.activationScripts.gitea-dirs = ''
         mkdir -p /var/lib/gitea
@@ -70,9 +57,6 @@ let
         chown -R gitea:gitea /run/secrets/jallen-nas
         chmod -R 775 /run/secrets/jallen-nas
       '';
-
-      services.resolved.enable = true;
-      system.stateVersion = "23.11";
     };
 
   bindMounts = {
@@ -99,7 +83,10 @@ let
     (lib.${namespace}.mkContainer {
       name = "gitea";
       localAddress = cfg.localAddress;
-      port = cfg.httpPort;
+      ports = [
+        cfg.httpPort
+        cfg.sshPort
+      ];
       bindMounts = bindMounts;
       config = serviceConfig;
     })

modules/nixos/services/matrix/default.nix

@@ -117,18 +117,6 @@ let
         }
       ];
     };
-
-    networking = {
-      firewall = {
-        enable = true;
-        allowedTCPPorts = [ cfg.port ];
-        allowedUDPPorts = [ cfg.port ];
-      };
-      # Use systemd-resolved inside the container
-      # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
-      useHostResolvConf = lib.mkForce false;
-    };
-    services.resolved.enable = true;
   };
 
   bindMounts = {
@@ -150,7 +138,7 @@ let
     (lib.${namespace}.mkContainer {
       name = "matrix-synapse";
       localAddress = cfg.localAddress;
-      port = cfg.port;
+      ports = [ cfg.port ];
       bindMounts = bindMounts;
       config = matrixConfig;
     })

modules/nixos/services/ntfy/default.nix

@@ -30,18 +30,6 @@ let
         };
       };
     };
-
-    networking = {
-      firewall = {
-        enable = true;
-        allowedTCPPorts = [ cfg.port ];
-        allowedUDPPorts = [ cfg.port ];
-      };
-      # Use systemd-resolved inside the container
-      # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
-      useHostResolvConf = lib.mkForce false;
-    };
-    services.resolved.enable = true;
     # Create and set permissions for required directories
     system.activationScripts.ntfy-dirs = ''
       mkdir -p /var/lib/ntfy-sh
@@ -75,7 +63,7 @@ let
     (lib.${namespace}.mkContainer {
       name = "ntfy";
       localAddress = cfg.localAddress;
-      port = cfg.port;
+      ports = [ cfg.port ];
       bindMounts = bindMounts;
       config = ntfyConfig;
     })