nixos/printing: Add openFirewall option (#176539)
This commit is contained in:
parent
315e3635bf
commit
35128eb6f8
2 changed files with 24 additions and 1 deletions
|
@ -108,6 +108,13 @@ let
|
|||
containsGutenprint = pkgs: length (filterGutenprint pkgs) > 0;
|
||||
getGutenprint = pkgs: head (filterGutenprint pkgs);
|
||||
|
||||
parsePorts = addresses: let
|
||||
splitAddress = addr: lib.strings.splitString ":" addr;
|
||||
extractPort = addr: builtins.elemAt (builtins.tail (splitAddress addr)) 0;
|
||||
toInt = str: lib.strings.toInt str;
|
||||
in
|
||||
builtins.map (address: toInt (extractPort address)) addresses;
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
@ -172,6 +179,15 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to open the firewall for TCP/UDP ports specified in
|
||||
listenAdrresses option.
|
||||
'';
|
||||
};
|
||||
|
||||
bindirCmds = mkOption {
|
||||
type = types.lines;
|
||||
internal = true;
|
||||
|
@ -463,6 +479,13 @@ in
|
|||
|
||||
security.pam.services.cups = {};
|
||||
|
||||
networking.firewall = let
|
||||
listenPorts = parsePorts cfg.listenAddresses;
|
||||
in mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = listenPorts;
|
||||
allowedUDPPorts = listenPorts;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ matthewbauer ];
|
||||
|
|
|
@ -19,6 +19,7 @@ import ./make-test-python.nix (
|
|||
startWhenNeeded = socket;
|
||||
listenAddresses = [ "*:631" ];
|
||||
defaultShared = true;
|
||||
openFirewall = true;
|
||||
extraConf = ''
|
||||
<Location />
|
||||
Order allow,deny
|
||||
|
@ -26,7 +27,6 @@ import ./make-test-python.nix (
|
|||
</Location>
|
||||
'';
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 631 ];
|
||||
# Add a HP Deskjet printer connected via USB to the server.
|
||||
hardware.printers.ensurePrinters = [{
|
||||
name = "DeskjetLocal";
|
||||
|
|
Loading…
Reference in a new issue