Merge pull request #141861 from Enzime/add/samba-open-firewall

nixos/samba: Add `openFirewall` option

authored by

Robert Hensing and committed by
GitHub
15390246 5193b0da

+14 -5
+13 -3
nixos/modules/services/network-filesystems/samba.nix
··· 87 87 <note> 88 88 <para>If you use the firewall consider adding the following:</para> 89 89 <programlisting> 90 - networking.firewall.allowedTCPPorts = [ 139 445 ]; 91 - networking.firewall.allowedUDPPorts = [ 137 138 ]; 90 + services.samba.openFirewall = true; 92 91 </programlisting> 93 92 </note> 93 + ''; 94 + }; 95 + 96 + openFirewall = mkOption { 97 + type = types.bool; 98 + default = false; 99 + description = '' 100 + Whether to automatically open the necessary ports in the firewall. 94 101 ''; 95 102 }; 96 103 ··· 235 242 }; 236 243 237 244 security.pam.services.samba = {}; 238 - environment.systemPackages = [ config.services.samba.package ]; 245 + environment.systemPackages = [ cfg.package ]; 246 + 247 + networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 139 445 ]; 248 + networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ 137 138 ]; 239 249 }) 240 250 ]; 241 251
+1 -2
nixos/tests/samba.nix
··· 20 20 server = 21 21 { ... }: 22 22 { services.samba.enable = true; 23 + services.samba.openFirewall = true; 23 24 services.samba.shares.public = 24 25 { path = "/public"; 25 26 "read only" = true; ··· 27 28 "guest ok" = "yes"; 28 29 comment = "Public samba share."; 29 30 }; 30 - networking.firewall.allowedTCPPorts = [ 139 445 ]; 31 - networking.firewall.allowedUDPPorts = [ 137 138 ]; 32 31 }; 33 32 }; 34 33