nixos/printing: Add openFirewall option (#176539)

This commit is contained in:
Jonas Heinrich 2023-11-05 16:01:20 +01:00 committed by GitHub
parent 315e3635bf
commit 35128eb6f8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 24 additions and 1 deletions

View file

@ -108,6 +108,13 @@ let
containsGutenprint = pkgs: length (filterGutenprint pkgs) > 0;
getGutenprint = pkgs: head (filterGutenprint pkgs);
parsePorts = addresses: let
splitAddress = addr: lib.strings.splitString ":" addr;
extractPort = addr: builtins.elemAt (builtins.tail (splitAddress addr)) 0;
toInt = str: lib.strings.toInt str;
in
builtins.map (address: toInt (extractPort address)) addresses;
in
{
@ -172,6 +179,15 @@ in
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Whether to open the firewall for TCP/UDP ports specified in
listenAdrresses option.
'';
};
bindirCmds = mkOption {
type = types.lines;
internal = true;
@ -463,6 +479,13 @@ in
security.pam.services.cups = {};
networking.firewall = let
listenPorts = parsePorts cfg.listenAddresses;
in mkIf cfg.openFirewall {
allowedTCPPorts = listenPorts;
allowedUDPPorts = listenPorts;
};
};
meta.maintainers = with lib.maintainers; [ matthewbauer ];

View file

@ -19,6 +19,7 @@ import ./make-test-python.nix (
startWhenNeeded = socket;
listenAddresses = [ "*:631" ];
defaultShared = true;
openFirewall = true;
extraConf = ''
<Location />
Order allow,deny
@ -26,7 +27,6 @@ import ./make-test-python.nix (
</Location>
'';
};
networking.firewall.allowedTCPPorts = [ 631 ];
# Add a HP Deskjet printer connected via USB to the server.
hardware.printers.ensurePrinters = [{
name = "DeskjetLocal";