nixos modules for convenient deployment of cloud resources
# NixOS module: named ("tagged") groups of open firewall ports.
#
# Every attribute under `networking.firewall.public.<tag>` accepts the four
# allow-list options named below. The `config` section concatenates each
# option across all tags and assigns the result to the top-level
# `networking.firewall.<option>` of the same name.
#
# NOTE(review): the tag only groups entries for the reader. The values are
# written to the global `networking.firewall.allowed*` lists, not to
# `networking.firewall.interfaces.<name>`, so a port declared under any tag
# is presumably accepted on every interface. Confirm this is the intended
# exposure before adding a port here.
{ lib, config, options, ... }:
let
  inherit (lib) types;

  # The firewall allow-list options that each tag mirrors.
  portOptionNames = [
    "allowedTCPPorts"
    "allowedUDPPorts"
    "allowedTCPPortRanges"
    "allowedUDPPortRanges"
  ];

  # Every tagged port set declared in the configuration.
  taggedSets = config.networking.firewall.public;

  # Taken from `options.networking.firewall`, so each tag uses the same
  # option definitions as the top-level firewall options.
  tagOptions = lib.getAttrs portOptionNames options.networking.firewall;

  # Concatenate the value of one option across all tags (in tag-name order).
  collect = optionName:
    lib.concatMap (portSet: portSet.${optionName}) (lib.attrValues taggedSets);
in
{
  options.networking.firewall.public = lib.mkOption {
    type = types.attrsOf (types.submodule [ { options = tagOptions; } ]);
    default = { };
    description = "Tagged open port sets.";
  };

  config.networking.firewall = {
    # To audit what is actually open, inspect the evaluated values of these
    # four options rather than any individual tag.
    allowedTCPPorts = collect "allowedTCPPorts";
    allowedTCPPortRanges = collect "allowedTCPPortRanges";
    allowedUDPPorts = collect "allowedUDPPorts";
    allowedUDPPortRanges = collect "allowedUDPPortRanges";
  };
}