pyrox.dev / nixpkgs
lol
fork atom

nixos/ausweisapp: init module with firewall option

Optional functionality of AusweisApp2 requires an UDP port to be opened.
The module allows for convenient configuration and serves as documentation.
See also https://github.com/NixOS/nixpkgs/issues/136269

Markus S. Wamser b20df24e d68d3438

options
unified split
Changed files
+36
nixos
doc
manual
from_md
release-notes
rl-2211.section.xml
release-notes
rl-2211.section.md
modules
module-list.nix
programs
ausweisapp.nix
+8
nixos/doc/manual/from_md/release-notes/rl-2211.section.xml 
···

       
267

       
267

       
 

       
      </listitem>


     

       
268

       
268

       
 

       
      <listitem>


     

       
269

       
269

       
 

       
        <para>


     

       

       
270

       
+

       
          <link xlink:href="https://www.ausweisapp.bund.de/">AusweisApp2</link>,


     

       

       
271

       
+

       
          the authentication software for the German ID card. Available


     

       

       
272

       
+

       
          as


     

       

       
273

       
+

       
          <link linkend="opt-programs.ausweisapp.enable">programs.ausweisapp</link>.


     

       

       
274

       
+

       
        </para>


     

       

       
275

       
+

       
      </listitem>


     

       

       
276

       
+

       
      <listitem>


     

       

       
277

       
+

       
        <para>


     

       
270

       
278

       
 

       
          <link xlink:href="https://github.com/zalando/patroni">Patroni</link>,


     

       
271

       
279

       
 

       
          a template for PostgreSQL HA with ZooKeeper, etcd or Consul.


     

       
272

       
280

       
 

       
          Available as
+2
nixos/doc/manual/release-notes/rl-2211.section.md 
···

       
94

       
94

       
 

       



     

       
95

       
95

       
 

       
- [Grafana Tempo](https://www.grafana.com/oss/tempo/), a distributed tracing store. Available as [services.tempo](#opt-services.tempo.enable).


     

       
96

       
96

       
 

       



     

       

       
97

       
+

       
- [AusweisApp2](https://www.ausweisapp.bund.de/), the authentication software for the German ID card. Available as [programs.ausweisapp](#opt-programs.ausweisapp.enable).


     

       

       
98

       
+

       



     

       
97

       
99

       
 

       
- [Patroni](https://github.com/zalando/patroni), a template for PostgreSQL HA with ZooKeeper, etcd or Consul.


     

       
98

       
100

       
 

       
Available as [services.patroni](options.html#opt-services.patroni.enable).


     

       
99

       
101
+1
nixos/modules/module-list.nix 
···

       
128

       
128

       
 

       
  ./programs/adb.nix


     

       
129

       
129

       
 

       
  ./programs/appgate-sdp.nix


     

       
130

       
130

       
 

       
  ./programs/atop.nix


     

       

       
131

       
+

       
  ./programs/ausweisapp.nix


     

       
131

       
132

       
 

       
  ./programs/autojump.nix


     

       
132

       
133

       
 

       
  ./programs/bandwhich.nix


     

       
133

       
134

       
 

       
  ./programs/bash/bash.nix
+25
nixos/modules/programs/ausweisapp.nix 
···

       

       
1

       
+

       
{ config, lib, pkgs, ... }:


     

       

       
2

       
+

       



     

       

       
3

       
+

       
with lib;


     

       

       
4

       
+

       



     

       

       
5

       
+

       
let


     

       

       
6

       
+

       
  cfg  = config.programs.ausweisapp;


     

       

       
7

       
+

       
in


     

       

       
8

       
+

       
{


     

       

       
9

       
+

       
  options.programs.ausweisapp = {


     

       

       
10

       
+

       
    enable = mkEnableOption (lib.mdDoc "AusweisApp2");


     

       

       
11

       
+

       



     

       

       
12

       
+

       
    openFirewall = mkOption {


     

       

       
13

       
+

       
      description = lib.mdDoc ''


     

       

       
14

       
+

       
        Whether to open the required firewall ports for the Smartphone as Card Reader (SaC) functionality of AusweisApp2.


     

       

       
15

       
+

       
      '';


     

       

       
16

       
+

       
      default = false;


     

       

       
17

       
+

       
      type = lib.types.bool;


     

       

       
18

       
+

       
    };


     

       

       
19

       
+

       
  };


     

       

       
20

       
+

       



     

       

       
21

       
+

       
  config = mkIf cfg.enable {


     

       

       
22

       
+

       
    environment.systemPackages = with pkgs; [ AusweisApp2 ];


     

       

       
23

       
+

       
    networking.firewall.allowedUDPPorts = lib.optionals cfg.openFirewall [ 24727 ];


     

       

       
24

       
+

       
  };


     

       

       
25

       
+

       
}