From d1f57cbaf02be1ea3434563446c417ef98748568 Mon Sep 17 00:00:00 2001 From: sternenseemann <0rpkxez4ksa01gb3typccl0i@systemli.org> Date: Wed, 10 Mar 2021 21:56:11 +0100 Subject: [PATCH] nixos/spacecookie: add openFirewall option Convenience shortcut which automatically configures the firewall to open the port which is also configured for the spacecookie service. --- nixos/modules/services/networking/spacecookie.nix | 15 +++++++++++++-- nixos/tests/spacecookie.nix | 2 +- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/nixos/modules/services/networking/spacecookie.nix b/nixos/modules/services/networking/spacecookie.nix index 4ddb137876d..adba0fbfbf2 100644 --- a/nixos/modules/services/networking/spacecookie.nix +++ b/nixos/modules/services/networking/spacecookie.nix @@ -37,12 +37,19 @@ in { ''; }; + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Whether to open the necessary port in the firewall for spacecookie. + ''; + }; + port = mkOption { type = types.port; default = 70; description = '' - Port the gopher service should be exposed on. The - firewall is not opened automatically. + Port the gopher service should be exposed on. ''; }; @@ -100,5 +107,9 @@ in { RestrictAddressFamilies = "AF_UNIX AF_INET6"; }; }; + + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ cfg.port ]; + }; }; } diff --git a/nixos/tests/spacecookie.nix b/nixos/tests/spacecookie.nix index d3411da8e92..19db520984b 100644 --- a/nixos/tests/spacecookie.nix +++ b/nixos/tests/spacecookie.nix @@ -9,7 +9,6 @@ in name = "spacecookie"; nodes = { ${gopherHost} = { - networking.firewall.allowedTCPPorts = [ 70 ]; systemd.services.spacecookie = { preStart = '' mkdir -p ${gopherRoot}/directory @@ -21,6 +20,7 @@ in enable = true; root = gopherRoot; hostname = gopherHost; + openFirewall = true; }; };