pyrox.dev / nixpkgs
lol
fork atom

nixos/samba-wsdd: add openFirewall option

Varun Madiath d237a731 2de8efef

+14 -11
+12 -7
nixos/modules/services/network-filesystems/samba-wsdd.nix
··· 11 11 enable = mkEnableOption (lib.mdDoc '' 12 12 Web Services Dynamic Discovery host daemon. This enables (Samba) hosts, like your local NAS device, 13 13 to be found by Web Service Discovery Clients like Windows. 14 - 15 - ::: {.note} 16 - If you use the firewall consider adding the following: 17 - 18 - networking.firewall.allowedTCPPorts = [ 5357 ]; 19 - networking.firewall.allowedUDPPorts = [ 3702 ]; 20 - ::: 21 14 ''); 22 15 interface = mkOption { 23 16 type = types.nullOr types.str; ··· 30 23 default = null; 31 24 example = 2; 32 25 description = lib.mdDoc "Hop limit for multicast packets (default = 1)."; 26 + }; 27 + openFirewall = mkOption { 28 + description = lib.mdDoc '' 29 + Whether to open the required firewall ports in the firewall. 30 + ''; 31 + default = false; 32 + type = lib.types.bool; 33 33 }; 34 34 workgroup = mkOption { 35 35 type = types.nullOr types.str; ··· 119 119 SystemCallArchitectures = "native"; 120 120 SystemCallFilter = "~@cpu-emulation @debug @mount @obsolete @privileged @resources"; 121 121 }; 122 + }; 123 + 124 + networking.firewall = mkIf cfg.openFirewall { 125 + allowedTCPPorts = [ 5357 ]; 126 + allowedUDPPorts = [ 3702 ]; 122 127 }; 123 128 }; 124 129 }
+2 -4
nixos/tests/samba-wsdd.nix
··· 8 8 client_wsdd = { pkgs, ... }: { 9 9 services.samba-wsdd = { 10 10 enable = true; 11 + openFirewall = true; 11 12 interface = "eth1"; 12 13 workgroup = "WORKGROUP"; 13 14 hostname = "CLIENT-WSDD"; 14 15 discovery = true; 15 16 extraOptions = [ "--no-host" ]; 16 17 }; 17 - networking.firewall.allowedTCPPorts = [ 5357 ]; 18 - networking.firewall.allowedUDPPorts = [ 3702 ]; 19 18 }; 20 19 21 20 server_wsdd = { ... }: { 22 21 services.samba-wsdd = { 23 22 enable = true; 23 + openFirewall = true; 24 24 interface = "eth1"; 25 25 workgroup = "WORKGROUP"; 26 26 hostname = "SERVER-WSDD"; 27 27 }; 28 - networking.firewall.allowedTCPPorts = [ 5357 ]; 29 - networking.firewall.allowedUDPPorts = [ 3702 ]; 30 28 }; 31 29 }; 32 30