pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / services / networking / miniupnpd.nix
at release-16.03-start 3.0 kB view raw
1{ config, lib, pkgs, ... }: 2 3with lib; 4 5let 6 cfg = config.services.miniupnpd; 7 configFile = pkgs.writeText "miniupnpd.conf" '' 8 ext_ifname=${cfg.externalInterface} 9 enable_natpmp=${if cfg.natpmp then "yes" else "no"} 10 enable_upnp=${if cfg.upnp then "yes" else "no"} 11 12 ${concatMapStrings (range: '' 13 listening_ip=${range} 14 '') cfg.internalIPs} 15 16 ${cfg.appendConfig} 17 ''; 18in 19{ 20 options = { 21 services.miniupnpd = { 22 enable = mkEnableOption "MiniUPnP daemon"; 23 24 externalInterface = mkOption { 25 type = types.str; 26 description = '' 27 Name of the external interface. 28 ''; 29 }; 30 31 internalIPs = mkOption { 32 type = types.listOf types.str; 33 example = [ "192.168.1.1/24" "enp1s0" ]; 34 description = '' 35 The IP address ranges to listen on. 36 ''; 37 }; 38 39 natpmp = mkEnableOption "NAT-PMP support"; 40 41 upnp = mkOption { 42 default = true; 43 type = types.bool; 44 description = '' 45 Whether to enable UPNP support. 46 ''; 47 }; 48 49 appendConfig = mkOption { 50 type = types.lines; 51 default = ""; 52 description = '' 53 Configuration lines appended to the MiniUPnP config. 54 ''; 55 }; 56 }; 57 }; 58 59 config = mkIf cfg.enable { 60 # from miniupnpd/netfilter/iptables_init.sh 61 networking.firewall.extraCommands = '' 62 iptables -t nat -N MINIUPNPD 63 iptables -t nat -A PREROUTING -i ${cfg.externalInterface} -j MINIUPNPD 64 iptables -t mangle -N MINIUPNPD 65 iptables -t mangle -A PREROUTING -i ${cfg.externalInterface} -j MINIUPNPD 66 iptables -t filter -N MINIUPNPD 67 iptables -t filter -A FORWARD -i ${cfg.externalInterface} ! -o ${cfg.externalInterface} -j MINIUPNPD 68 iptables -t nat -N MINIUPNPD-PCP-PEER 69 iptables -t nat -A POSTROUTING -o ${cfg.externalInterface} -j MINIUPNPD-PCP-PEER 70 ''; 71 72 # from miniupnpd/netfilter/iptables_removeall.sh 73 networking.firewall.extraStopCommands = '' 74 iptables -t nat -F MINIUPNPD 75 iptables -t nat -D PREROUTING -i ${cfg.externalInterface} -j MINIUPNPD 76 iptables -t nat -X MINIUPNPD 77 iptables -t mangle -F MINIUPNPD 78 iptables -t mangle -D PREROUTING -i ${cfg.externalInterface} -j MINIUPNPD 79 iptables -t mangle -X MINIUPNPD 80 iptables -t filter -F MINIUPNPD 81 iptables -t filter -D FORWARD -i ${cfg.externalInterface} ! -o ${cfg.externalInterface} -j MINIUPNPD 82 iptables -t filter -X MINIUPNPD 83 iptables -t nat -F MINIUPNPD-PCP-PEER 84 iptables -t nat -D POSTROUTING -o ${cfg.externalInterface} -j MINIUPNPD-PCP-PEER 85 iptables -t nat -X MINIUPNPD-PCP-PEER 86 ''; 87 88 systemd.services.miniupnpd = { 89 description = "MiniUPnP daemon"; 90 after = [ "network.target" ]; 91 wantedBy = [ "multi-user.target" ]; 92 serviceConfig = { 93 ExecStart = "${pkgs.miniupnpd}/bin/miniupnpd -f ${configFile}"; 94 PIDFile = "/var/run/miniupnpd.pid"; 95 Type = "forking"; 96 }; 97 }; 98 }; 99}