TIL: Open a port in the NixOS firewall

2022-02-19 00:00:00 +0000 UTC

While running through this tutorial for a minimal application running on NixOS, I ran into an issue. My test NixOS install is on an ESXi box and I wanted to access my test app from my desktop. The NixOS firewall does not allow external TCP traffic on the default Flask test port 5000.

To open a port on the NixOS firewall, I took these steps:

  1. Open /etc/nixos/configuration.nix in a text editor per this documentation.
  2. Add the following line of Nix to the configuration per this documentation:
networking.firewall.allowedTCPPorts = [ 22 5000 ];

for a final configuration.nix of

{ config, pkgs, ... }:

{
  imports = [ <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix> ];
  networking.firewall.allowedTCPPorts = [ 22 5000 ];
}
  3. Run # nixos-rebuild test to ensure that I haven’t broken SSH access.

  4. Follow the original tutorial steps to run my test Flask app. Then open <local_ip>:5000 in my desktop browser.

  5. If I want to keep this test port open permanently, I can now run # nixos-rebuild switch.
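
A narrower variant of the configuration above, added here as an example and not part of the original post: `networking.firewall.allowedTCPPorts` opens a port on every interface, while `networking.firewall.interfaces.<name>.allowedTCPPorts` opens it on one interface only. The interface name `ens192` is an assumption; substitute the name shown by `ip link`.

```nix
{ config, pkgs, ... }:

{
  imports = [ <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix> ];

  # The firewall is on by default in NixOS; stated explicitly so the
  # intent survives later edits to this file.
  networking.firewall.enable = true;

  # Global list: anything here is reachable on every interface.
  # Only SSH stays global.
  networking.firewall.allowedTCPPorts = [ 22 ];

  # Per-interface list: the Flask test port is opened only on the
  # interface facing the desktop. "ens192" is an assumed name.
  networking.firewall.interfaces."ens192".allowedTCPPorts = [ 5000 ];
}
```

`nixos-rebuild test` activates this without making it the boot default, so a reboot reverts it if the interface name turns out to be wrong.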

Tags: til nixos linux networking