nixos/shairport-sync: add firewall rules

Add an option to automatically open the firewall for shairport.
2021-11-30 19:16:08 +00:00 · 2021-11-30 19:16:08 +00:00 · ea90c516e7
commit ea90c516e7
parent b56d7a70a7
1 changed files with 14 additions and 0 deletions
--- a/nixos/modules/services/networking/shairport-sync.nix
+++ b/nixos/modules/services/networking/shairport-sync.nix
@ -36,6 +36,14 @@ in
        '';
      };

+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to automatically open ports in the firewall.
+        '';
+      };
+
      user = mkOption {
        type = types.str;
        default = "shairport";
@ -66,6 +74,12 @@ in
        extraGroups = [ "audio" ] ++ optional config.hardware.pulseaudio.enable "pulse";
      };

+
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ 5000 ];
+      allowedUDPPortRanges = [ { from = 6001; to = 6011; } ];
+    };
+
    systemd.services.shairport-sync =
      {
        description = "shairport-sync";