Merge pull request #243366 from vamega/sambda-wsdd-firewall-config

nixos/samba-wsdd: add openFirewall option
This commit is contained in:
Emily 2023-07-17 19:21:58 +02:00 committed by GitHub
commit 00a7b91eac
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 11 deletions

View file

@ -11,13 +11,6 @@ in {
enable = mkEnableOption (lib.mdDoc ''
Web Services Dynamic Discovery host daemon. This enables (Samba) hosts, like your local NAS device,
to be found by Web Service Discovery Clients like Windows.
::: {.note}
If you use the firewall consider adding the following:
networking.firewall.allowedTCPPorts = [ 5357 ];
networking.firewall.allowedUDPPorts = [ 3702 ];
:::
'');
interface = mkOption {
type = types.nullOr types.str;
@ -31,6 +24,13 @@ in {
example = 2;
description = lib.mdDoc "Hop limit for multicast packets (default = 1).";
};
openFirewall = mkOption {
description = lib.mdDoc ''
Whether to open the required firewall ports in the firewall.
'';
default = false;
type = lib.types.bool;
};
workgroup = mkOption {
type = types.nullOr types.str;
default = null;
@ -120,5 +120,10 @@ in {
SystemCallFilter = "~@cpu-emulation @debug @mount @obsolete @privileged @resources";
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ 5357 ];
allowedUDPPorts = [ 3702 ];
};
};
}

View file

@ -8,25 +8,23 @@ import ./make-test-python.nix ({ pkgs, ... }:
client_wsdd = { pkgs, ... }: {
services.samba-wsdd = {
enable = true;
openFirewall = true;
interface = "eth1";
workgroup = "WORKGROUP";
hostname = "CLIENT-WSDD";
discovery = true;
extraOptions = [ "--no-host" ];
};
networking.firewall.allowedTCPPorts = [ 5357 ];
networking.firewall.allowedUDPPorts = [ 3702 ];
};
server_wsdd = { ... }: {
services.samba-wsdd = {
enable = true;
openFirewall = true;
interface = "eth1";
workgroup = "WORKGROUP";
hostname = "SERVER-WSDD";
};
networking.firewall.allowedTCPPorts = [ 5357 ];
networking.firewall.allowedUDPPorts = [ 3702 ];
};
};