Merge pull request #243366 from vamega/sambda-wsdd-firewall-config

nixos/samba-wsdd: add openFirewall option
2023-07-17 19:21:58 +02:00 · 2023-07-17 19:21:58 +02:00 · 00a7b91eac
parent 335a69d8d6 d237a7318c
commit 00a7b91eac
2 changed files with 14 additions and 11 deletions
--- a/nixos/modules/services/network-filesystems/samba-wsdd.nix
+++ b/nixos/modules/services/network-filesystems/samba-wsdd.nix
@ -11,13 +11,6 @@ in {
      enable = mkEnableOption (lib.mdDoc ''
        Web Services Dynamic Discovery host daemon. This enables (Samba) hosts, like your local NAS device,
        to be found by Web Service Discovery Clients like Windows.
-
-        ::: {.note}
-        If you use the firewall consider adding the following:
-
-            networking.firewall.allowedTCPPorts = [ 5357 ];
-            networking.firewall.allowedUDPPorts = [ 3702 ];
-        :::
      '');
      interface = mkOption {
        type = types.nullOr types.str;
@ -31,6 +24,13 @@ in {
        example = 2;
        description = lib.mdDoc "Hop limit for multicast packets (default = 1).";
      };
+      openFirewall = mkOption {
+        description = lib.mdDoc ''
+          Whether to open the required firewall ports in the firewall.
+        '';
+        default = false;
+        type = lib.types.bool;
+      };
      workgroup = mkOption {
        type = types.nullOr types.str;
        default = null;
@ -120,5 +120,10 @@ in {
        SystemCallFilter = "~@cpu-emulation @debug @mount @obsolete @privileged @resources";
      };
    };
+
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ 5357 ];
+      allowedUDPPorts = [ 3702 ];
+    };
  };
 }
--- a/nixos/tests/samba-wsdd.nix
+++ b/nixos/tests/samba-wsdd.nix
@ -8,25 +8,23 @@ import ./make-test-python.nix ({ pkgs, ... }:
    client_wsdd = { pkgs, ... }: {
      services.samba-wsdd = {
        enable = true;
+        openFirewall = true;
        interface = "eth1";
        workgroup = "WORKGROUP";
        hostname = "CLIENT-WSDD";
        discovery = true;
        extraOptions = [ "--no-host" ];
      };
-      networking.firewall.allowedTCPPorts = [ 5357 ];
-      networking.firewall.allowedUDPPorts = [ 3702 ];
    };

    server_wsdd = { ... }: {
      services.samba-wsdd = {
        enable = true;
+        openFirewall = true;
        interface = "eth1";
        workgroup = "WORKGROUP";
        hostname = "SERVER-WSDD";
      };
-      networking.firewall.allowedTCPPorts = [ 5357 ];
-      networking.firewall.allowedUDPPorts = [ 3702 ];
    };
  };