# NixOS module: declares a small `my.network.firewall` option set and forwards
# every value unchanged to `networking.firewall`, which it always enables.
{ config, lib, ... }:

let
  inherit (lib) mkOption types;

  # Values the host configuration assigned under `my.network.firewall`.
  cfg = config.my.network.firewall;

  # Shared declaration for the two port options: a list of port numbers
  # that is empty unless a host sets it, so no port is opened by default
  # through this module.
  portListOption = mkOption {
    type = types.listOf types.port;
    default = [ ];
  };
in
{
  options.my.network.firewall = {
    # Inbound TCP / UDP ports to open on every interface.
    allowedTCPPorts = portListOption;
    allowedUDPPorts = portListOption;

    # Interface names whose inbound traffic NixOS accepts unconditionally.
    # The port lists above do not restrict these interfaces, so list only
    # links whose peers are fully trusted (e.g. a private VPN or bridge).
    trustedInterfaces = mkOption {
      type = types.listOf types.str;
      default = [ ];
    };

    # Whether to answer ICMP echo requests. Off unless a host opts in,
    # which is stricter than the upstream `networking.firewall.allowPing`
    # default.
    allowPing = mkOption {
      type = types.bool;
      default = false;
    };
  };

  config.networking.firewall = {
    # Defined at normal priority: a module that sets this to false will
    # raise a conflicting-definition error instead of silently turning the
    # firewall off; an override has to be explicit (e.g. lib.mkForce).
    enable = true;

    # List-typed values are merged with definitions from other modules, so
    # the effective rule set can contain more entries than the
    # `my.network.firewall` options show (for instance ports opened by a
    # service module). Audit the evaluated `networking.firewall` when
    # reviewing exposure.
    inherit (cfg)
      allowedTCPPorts
      allowedUDPPorts
      trustedInterfaces
      allowPing
      ;
  };
}