pyrox.dev
1{ config, lib, pkgs, ... }:
2
3with lib;
4
5let
6 cfg = config.services.miniupnpd;
7 configFile = pkgs.writeText "miniupnpd.conf" ''
8 ext_ifname=${cfg.externalInterface}
9 enable_natpmp=${if cfg.natpmp then "yes" else "no"}
10 enable_upnp=${if cfg.upnp then "yes" else "no"}
11
12 ${concatMapStrings (range: ''
13 listening_ip=${range}
14 '') cfg.internalIPs}
15
16 ${cfg.appendConfig}
17 '';
18in
19{
20 options = {
21 services.miniupnpd = {
22 enable = mkEnableOption (lib.mdDoc "MiniUPnP daemon");
23
24 externalInterface = mkOption {
25 type = types.str;
26 description = lib.mdDoc ''
27 Name of the external interface.
28 '';
29 };
30
31 internalIPs = mkOption {
32 type = types.listOf types.str;
33 example = [ "192.168.1.1/24" "enp1s0" ];
34 description = lib.mdDoc ''
35 The IP address ranges to listen on.
36 '';
37 };
38
39 natpmp = mkEnableOption (lib.mdDoc "NAT-PMP support");
40
41 upnp = mkOption {
42 default = true;
43 type = types.bool;
44 description = lib.mdDoc ''
45 Whether to enable UPNP support.
46 '';
47 };
48
49 appendConfig = mkOption {
50 type = types.lines;
51 default = "";
52 description = lib.mdDoc ''
53 Configuration lines appended to the MiniUPnP config.
54 '';
55 };
56 };
57 };
58
59 config = mkIf cfg.enable {
60 networking.firewall.extraCommands = ''
61 ${pkgs.bash}/bin/bash -x ${pkgs.miniupnpd}/etc/miniupnpd/iptables_init.sh -i ${cfg.externalInterface}
62 '';
63
64 networking.firewall.extraStopCommands = ''
65 ${pkgs.bash}/bin/bash -x ${pkgs.miniupnpd}/etc/miniupnpd/iptables_removeall.sh -i ${cfg.externalInterface}
66 '';
67
68 systemd.services.miniupnpd = {
69 description = "MiniUPnP daemon";
70 after = [ "network.target" ];
71 wantedBy = [ "multi-user.target" ];
72 serviceConfig = {
73 ExecStart = "${pkgs.miniupnpd}/bin/miniupnpd -f ${configFile}";
74 PIDFile = "/run/miniupnpd.pid";
75 Type = "forking";
76 };
77 };
78 };
79}