Merge pull request #243366 from vamega/sambda-wsdd-firewall-config

nixos/samba-wsdd: add openFirewall option
Emily 2023-07-17 19:21:58 +02:00 committed by GitHub
commit 00a7b91eac
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 11 deletions


@ -11,13 +11,6 @@ in {
enable = mkEnableOption (lib.mdDoc '' enable = mkEnableOption (lib.mdDoc ''
Web Services Dynamic Discovery host daemon. This enables (Samba) hosts, like your local NAS device, Web Services Dynamic Discovery host daemon. This enables (Samba) hosts, like your local NAS device,
to be found by Web Service Discovery Clients like Windows. to be found by Web Service Discovery Clients like Windows.
::: {.note}
If you use the firewall consider adding the following:
networking.firewall.allowedTCPPorts = [ 5357 ];
networking.firewall.allowedUDPPorts = [ 3702 ];
:::
''); '');
interface = mkOption { interface = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
@ -31,6 +24,13 @@ in {
example = 2; example = 2;
description = lib.mdDoc "Hop limit for multicast packets (default = 1)."; description = lib.mdDoc "Hop limit for multicast packets (default = 1).";
}; };
openFirewall = mkOption {
description = lib.mdDoc ''
Whether to open the required firewall ports in the firewall.
'';
default = false;
type = lib.types.bool;
};
workgroup = mkOption { workgroup = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
@ -120,5 +120,10 @@ in {
SystemCallFilter = "~@cpu-emulation @debug @mount @obsolete @privileged @resources"; SystemCallFilter = "~@cpu-emulation @debug @mount @obsolete @privileged @resources";
}; };
}; };
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ 5357 ];
allowedUDPPorts = [ 3702 ];
};
}; };
} }
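Review bot: With `openFirewall = true`, the new `networking.firewall` block at the end of the module opens 5357/tcp and 3702/udp on every interface, even when `services.samba-wsdd.interface` limits the daemon to one. If `interface` always holds an interface name (its description is outside the hunks shown, so this needs confirming), the rule can be scoped through `networking.firewall.interfaces.<name>`, falling back to the global lists only when it is null. The `openFirewall` description should also name the two ports, since this commit removes the note that listed them, e.g. `Whether to open 5357/tcp and 3702/udp in the firewall.`. The enclosing `config` block starts outside the hunk.

```nix
networking.firewall = mkIf cfg.openFirewall (
  if cfg.interface != null then {
    # Scope the rule to the interface the daemon is bound to.
    interfaces.${cfg.interface} = {
      allowedTCPPorts = [ 5357 ];
      allowedUDPPorts = [ 3702 ];
    };
  } else {
    allowedTCPPorts = [ 5357 ];
    allowedUDPPorts = [ 3702 ];
  }
);
```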


@ -8,25 +8,23 @@ import ./make-test-python.nix ({ pkgs, ... }:
client_wsdd = { pkgs, ... }: { client_wsdd = { pkgs, ... }: {
services.samba-wsdd = { services.samba-wsdd = {
enable = true; enable = true;
openFirewall = true;
interface = "eth1"; interface = "eth1";
workgroup = "WORKGROUP"; workgroup = "WORKGROUP";
hostname = "CLIENT-WSDD"; hostname = "CLIENT-WSDD";
discovery = true; discovery = true;
extraOptions = [ "--no-host" ]; extraOptions = [ "--no-host" ];
}; };
networking.firewall.allowedTCPPorts = [ 5357 ];
networking.firewall.allowedUDPPorts = [ 3702 ];
}; };
server_wsdd = { ... }: { server_wsdd = { ... }: {
services.samba-wsdd = { services.samba-wsdd = {
enable = true; enable = true;
openFirewall = true;
interface = "eth1"; interface = "eth1";
workgroup = "WORKGROUP"; workgroup = "WORKGROUP";
hostname = "SERVER-WSDD"; hostname = "SERVER-WSDD";
}; };
networking.firewall.allowedTCPPorts = [ 5357 ];
networking.firewall.allowedUDPPorts = [ 3702 ];
}; };
}; };