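# NixOS module: accept KDE Connect / GSConnect traffic only from an explicit
# list of source addresses, by adding rules to the NixOS firewall's iptables
# chains through networking.firewall.extraCommands.
{ config, lib, pkgs, ... }:

let
  inherit (lib)
    concatMapStrings
    concatStringsSep
    escapeShellArg
    mkIf
    mkOption
    types
    ;

  # From https://github.com/GSConnect/gnome-shell-extension-gsconnect/blob/v53/data/firewalld/gsconnect.xml
  ports = [
    { protocol = "tcp"; port = "1716"; }
    { protocol = "udp"; port = "1716"; }
    { protocol = "tcp"; port = "1739:1764"; }
    { protocol = "udp"; port = "1739:1764"; }
  ];

  cfg = config.services.kdeConnect;

  # --append and --delete take the chain name as their argument; without it
  # iptables consumes the next flag as the chain and rejects the command.
  # nixos-fw is the input chain of the NixOS iptables firewall.
  chain = "nixos-fw";

  # iptables accepts a comma-separated address list for --source. The value is
  # shell-quoted because it is spliced into the firewall's shell script.
  sources = escapeShellArg (concatStringsSep "," cfg.openPortsFromIPs);

  # Each rule is one line with no trailing newline, so a suffix such as
  # `|| true` stays on the same shell line as the iptables call.
  rules = map ({ protocol, port }: concatStringsSep " " [
    "--protocol" protocol
    "--source" sources
    "--dport" port
    "--jump" "nixos-fw-accept"
  ]) ports;
in
{
  options.services.kdeConnect = {
    openPortsFromIPs = mkOption {
      type = types.listOf types.str;
      default = [ ];
      # Constructed sample values from the documentation range.
      example = [ "192.0.2.10" "192.0.2.0/24" ];
      description = ''
        Source addresses or CIDR ranges allowed to reach the KDE Connect
        ports. The rules are installed with `iptables`, so only IPv4 entries
        are supported; an IPv6 source would need a matching `ip6tables` rule.
        With an empty list no rules are added and the ports stay closed.
      '';
    };
  };

  # An empty list would render `--source '''`, which is not a valid rule, so
  # the commands are only emitted when at least one source is configured.
  config = mkIf (cfg.openPortsFromIPs != [ ]) {
    networking.firewall.extraCommands = concatMapStrings (rule: ''
      iptables --append ${chain} ${rule}
    '') rules;

    # Deletion is best-effort: the rule may already be gone when the firewall
    # is stopped or reloaded.
    networking.firewall.extraStopCommands = concatMapStrings (rule: ''
      iptables --delete ${chain} ${rule} || true
    '') rules;
  };
}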