From 43d2eefea6a42a1e77e326d36da064246b6afcb2 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 16 Oct 2021 12:29:55 +1100 Subject: [PATCH] nixos/samba: Add `openFirewall` option --- .../services/network-filesystems/samba.nix | 16 +++++++++++++--- nixos/tests/samba.nix | 3 +-- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/network-filesystems/samba.nix b/nixos/modules/services/network-filesystems/samba.nix index 3fedaeb49529..9ed755d0465c 100644 --- a/nixos/modules/services/network-filesystems/samba.nix +++ b/nixos/modules/services/network-filesystems/samba.nix @@ -87,13 +87,20 @@ in If you use the firewall consider adding the following: - networking.firewall.allowedTCPPorts = [ 139 445 ]; - networking.firewall.allowedUDPPorts = [ 137 138 ]; + services.samba.openFirewall = true; ''; }; + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Whether to automatically open the necessary ports in the firewall. + ''; + }; + enableNmbd = mkOption { type = types.bool; default = true; @@ -235,7 +242,10 @@ in }; security.pam.services.samba = {}; - environment.systemPackages = [ config.services.samba.package ]; + environment.systemPackages = [ cfg.package ]; + + networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 139 445 ]; + networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ 137 138 ]; }) ]; diff --git a/nixos/tests/samba.nix b/nixos/tests/samba.nix index d1d50caabfa5..252c3dd9c76e 100644 --- a/nixos/tests/samba.nix +++ b/nixos/tests/samba.nix @@ -20,6 +20,7 @@ import ./make-test-python.nix ({ pkgs, ... }: server = { ... }: { services.samba.enable = true; + services.samba.openFirewall = true; services.samba.shares.public = { path = "/public"; "read only" = true; 
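Review bot: The description of the new `openFirewall` option in the `@@ -87` hunk of samba.nix does not say which ports it opens or on which interfaces. Going by the config hunk further down, it adds TCP 139 and 445 and UDP 137 and 138 to the global `networking.firewall.allowedTCPPorts` / `allowedUDPPorts` lists, which apply to every interface rather than to one chosen LAN interface. I would spell that out, e.g. `Whether to open TCP ports 139 and 445 and UDP ports 137 and 138 in the firewall on all interfaces.` The text could also tell readers who want SMB reachable on a single interface to leave the option `false` and use `networking.firewall.interfaces.<name>.allowedTCPPorts` instead. The enclosing options block starts and ends outside the hunk.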
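Review bot: The UDP rule added in the `@@ -235` hunk opens 137 and 138 whenever `openFirewall` is set, even when `enableNmbd` is false, so a host that turned the NetBIOS name service off still gets those ports allowed through the firewall. Those two ports are served by nmbd, so the rule can follow that option: `networking.firewall.allowedUDPPorts = mkIf (cfg.openFirewall && cfg.enableNmbd) [ 137 138 ];`. TCP 139 and 445 belong to smbd and can stay as written. The config block this sits in starts outside the hunk, so I am assuming `cfg.enableNmbd` is reachable there the same way `cfg.package` is.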
@@ -27,8 +28,6 @@ import ./make-test-python.nix ({ pkgs, ... }: "guest ok" = "yes"; comment = "Public samba share."; }; - networking.firewall.allowedTCPPorts = [ 139 445 ]; - networking.firewall.allowedUDPPorts = [ 137 138 ]; }; };