nixos/spacecookie: add openFirewall option

Convenience shortcut which automatically configures the firewall to open the port which is also configured for the spacecookie service.
2021-03-10 21:56:11 +01:00 · 2021-03-10 21:56:11 +01:00 · d1f57cbaf0
parent 58be28d7ce
commit d1f57cbaf0
2 changed files with 14 additions and 3 deletions
--- a/nixos/modules/services/networking/spacecookie.nix
+++ b/nixos/modules/services/networking/spacecookie.nix
@ -37,12 +37,19 @@ in {
        '';
      };

+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to open the necessary port in the firewall for spacecookie.
+        '';
+      };
+
      port = mkOption {
        type = types.port;
        default = 70;
        description = ''
-          Port the gopher service should be exposed on. The
-          firewall is not opened automatically.
+          Port the gopher service should be exposed on.
        '';
      };

@ -100,5 +107,9 @@ in {
        RestrictAddressFamilies = "AF_UNIX AF_INET6";
      };
    };
+
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ cfg.port ];
+    };
  };
 }
--- a/nixos/tests/spacecookie.nix
+++ b/nixos/tests/spacecookie.nix
@ -9,7 +9,6 @@ in
    name = "spacecookie";
    nodes = {
      ${gopherHost} = {
-        networking.firewall.allowedTCPPorts = [ 70 ];
        systemd.services.spacecookie = {
          preStart = ''
            mkdir -p ${gopherRoot}/directory
@ -21,6 +20,7 @@ in
          enable = true;
          root = gopherRoot;
          hostname = gopherHost;
+          openFirewall = true;
        };
      };