nixos/samba: Add openFirewall option

2021-10-16 12:29:55 +11:00 · 2021-10-16 12:29:55 +11:00 · 43d2eefea6
commit 43d2eefea6
parent c033ff53bb
2 changed files with 14 additions and 5 deletions
--- a/nixos/modules/services/network-filesystems/samba.nix
+++ b/nixos/modules/services/network-filesystems/samba.nix
@ -87,13 +87,20 @@ in
          <note>
            <para>If you use the firewall consider adding the following:</para>
          <programlisting>
-            networking.firewall.allowedTCPPorts = [ 139 445 ];
-            networking.firewall.allowedUDPPorts = [ 137 138 ];
+            services.samba.openFirewall = true;
          </programlisting>
          </note>
        '';
      };

+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to automatically open the necessary ports in the firewall.
+        '';
+      };
+
      enableNmbd = mkOption {
        type = types.bool;
        default = true;
@ -235,7 +242,10 @@ in
        };

        security.pam.services.samba = {};
-        environment.systemPackages = [ config.services.samba.package ];
+        environment.systemPackages = [ cfg.package ];
+
+        networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 139 445 ];
+        networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ 137 138 ];
      })
    ];

--- a/nixos/tests/samba.nix
+++ b/nixos/tests/samba.nix
@ -20,6 +20,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
      server =
        { ... }:
        { services.samba.enable = true;
+          services.samba.openFirewall = true;
          services.samba.shares.public =
            { path = "/public";
              "read only" = true;
@ -27,8 +28,6 @@ import ./make-test-python.nix ({ pkgs, ... }:
              "guest ok" = "yes";
              comment = "Public samba share.";
            };
-          networking.firewall.allowedTCPPorts = [ 139 445 ];
-          networking.firewall.allowedUDPPorts = [ 137 138 ];
        };
    };