public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/spacecookie: add openFirewall option 

Convenience shortcut which automatically configures the firewall to open
the port which is also configured for the spacecookie service.
This commit is contained in:
sternenseemann 2021-03-10 21:56:11 +01:00 committed by sterni
parent 58be28d7ce
commit d1f57cbaf0
2 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
nixos/modules/services/networking/spacecookie.nix
View File

@ -37,12 +37,19 @@ in {
''; '';
}; };
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Whether to open the necessary port in the firewall for spacecookie.
'';
};
port = mkOption { port = mkOption {
type = types.port; type = types.port;
default = 70; default = 70;
description = '' description = ''
Port the gopher service should be exposed on. The Port the gopher service should be exposed on.
firewall is not opened automatically.
''; '';
}; };
@ -100,5 +107,9 @@ in {
RestrictAddressFamilies = "AF_UNIX AF_INET6"; RestrictAddressFamilies = "AF_UNIX AF_INET6";
}; };
}; };
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
};
}; };
} }

2
nixos/tests/spacecookie.nix
View File

@ -9,7 +9,6 @@ in
name = "spacecookie"; name = "spacecookie";
nodes = { nodes = {
${gopherHost} = { ${gopherHost} = {
networking.firewall.allowedTCPPorts = [ 70 ];
systemd.services.spacecookie = { systemd.services.spacecookie = {
preStart = '' preStart = ''
mkdir -p ${gopherRoot}/directory mkdir -p ${gopherRoot}/directory
@ -21,6 +20,7 @@ in
enable = true; enable = true;
root = gopherRoot; root = gopherRoot;
hostname = gopherHost; hostname = gopherHost;
openFirewall = true;
}; };
}; };