pyrox.dev
Merge pull request #141861 from Enzime/add/samba-open-firewall
nixos/samba: Add `openFirewall` option
authored by
Robert Hensing
and committed by
GitHub
15390246
5193b0da
+13
-3
nixos/modules/services/network-filesystems/samba.nix
+13
-3
nixos/modules/services/network-filesystems/samba.nix
···
87
87
<note>
88
88
<para>If you use the firewall consider adding the following:</para>
89
89
<programlisting>
90
-
networking.firewall.allowedTCPPorts = [ 139 445 ];
91
-
networking.firewall.allowedUDPPorts = [ 137 138 ];
90
+
services.samba.openFirewall = true;
92
91
</programlisting>
93
92
</note>
93
+
'';
94
+
};
95
+
96
+
openFirewall = mkOption {
97
+
type = types.bool;
98
+
default = false;
99
+
description = ''
100
+
Whether to automatically open the necessary ports in the firewall.
94
101
'';
95
102
};
96
103
···
235
242
};
236
243
237
244
security.pam.services.samba = {};
238
-
environment.systemPackages = [ config.services.samba.package ];
245
+
environment.systemPackages = [ cfg.package ];
246
+
247
+
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 139 445 ];
248
+
networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ 137 138 ];
239
249
})
240
250
];
241
251
+1
-2
nixos/tests/samba.nix
+1
-2
nixos/tests/samba.nix
···
20
20
server =
21
21
{ ... }:
22
22
{ services.samba.enable = true;
23
+
services.samba.openFirewall = true;
23
24
services.samba.shares.public =
24
25
{ path = "/public";
25
26
"read only" = true;
···
27
28
"guest ok" = "yes";
28
29
comment = "Public samba share.";
29
30
};
30
-
networking.firewall.allowedTCPPorts = [ 139 445 ];
31
-
networking.firewall.allowedUDPPorts = [ 137 138 ];
32
31
};
33
32
};
34
33