nixos/ausweisapp: init module with firewall option

nixpkgs mirror (for testing) github.com/NixOS/nixpkgs

nix

Optional functionality of AusweisApp2 requires an UDP port to be opened.
The module allows for convenient configuration and serves as documentation.
See also https://github.com/NixOS/nixpkgs/issues/136269

authored by

Markus S. Wamser and committed by

Sandro Jäckel 3 years ago b20df24e d68d3438

+36

4 changed files

expand all

nixos

doc

manual

from_md

release-notes

rl-2211.section.xml

release-notes

rl-2211.section.md

modules

module-list.nix

programs

ausweisapp.nix

nixos/doc/manual/from_md/release-notes/rl-2211.section.xml

··· 267 267 </listitem> 268 268 <listitem> 269 269 <para> 270 + <link xlink:href="https://www.ausweisapp.bund.de/">AusweisApp2</link>, 271 + the authentication software for the German ID card. Available 272 + as 273 + <link linkend="opt-programs.ausweisapp.enable">programs.ausweisapp</link>. 274 + </para> 275 + </listitem> 276 + <listitem> 277 + <para> 270 278 <link xlink:href="https://github.com/zalando/patroni">Patroni</link>, 271 279 a template for PostgreSQL HA with ZooKeeper, etcd or Consul. 272 280 Available as

nixos/doc/manual/release-notes/rl-2211.section.md

··· 94 94 95 95 - [Grafana Tempo](https://www.grafana.com/oss/tempo/), a distributed tracing store. Available as [services.tempo](#opt-services.tempo.enable). 96 96 97 + - [AusweisApp2](https://www.ausweisapp.bund.de/), the authentication software for the German ID card. Available as [programs.ausweisapp](#opt-programs.ausweisapp.enable). 98 + 97 99 - [Patroni](https://github.com/zalando/patroni), a template for PostgreSQL HA with ZooKeeper, etcd or Consul. 98 100 Available as [services.patroni](options.html#opt-services.patroni.enable). 99 101

nixos/modules/module-list.nix

··· 128 128 ./programs/adb.nix 129 129 ./programs/appgate-sdp.nix 130 130 ./programs/atop.nix 131 + ./programs/ausweisapp.nix 131 132 ./programs/autojump.nix 132 133 ./programs/bandwhich.nix 133 134 ./programs/bash/bash.nix

+25

nixos/modules/programs/ausweisapp.nix

··· 1 + { config, lib, pkgs, ... }: 2 + 3 + with lib; 4 + 5 + let 6 + cfg = config.programs.ausweisapp; 7 + in 8 + { 9 + options.programs.ausweisapp = { 10 + enable = mkEnableOption (lib.mdDoc "AusweisApp2"); 11 + 12 + openFirewall = mkOption { 13 + description = lib.mdDoc '' 14 + Whether to open the required firewall ports for the Smartphone as Card Reader (SaC) functionality of AusweisApp2. 15 + ''; 16 + default = false; 17 + type = lib.types.bool; 18 + }; 19 + }; 20 + 21 + config = mkIf cfg.enable { 22 + environment.systemPackages = with pkgs; [ AusweisApp2 ]; 23 + networking.firewall.allowedUDPPorts = lib.optionals cfg.openFirewall [ 24727 ]; 24 + }; 25 + }