❄️ Dotfiles for our NixOS system configuration.
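# Wrapper module: declares `settings.firewall.*` and forwards the allowed
# port lists to NixOS's own `networking.firewall` options.
{
  lib,
  config,
  pkgs,
  ...
}:

let
  cfg = config.settings.firewall;
in
{
  options.settings.firewall = {
    # NOTE(review): setting this to false only skips the `config` block below.
    # Nothing in this module writes `networking.firewall.enable = false`, so
    # the host keeps whatever NixOS or another module decides. Confirm that
    # this is the intended meaning of "disabled".
    enable = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "Enable firewall";
    };

    # NOTE(review): this option is declared but never read in this module, so
    # overriding it has no effect. It is deliberately not forwarded here:
    # pinning `networking.firewall.package` to this default could conflict
    # with a host that selects its backend elsewhere. Either wire it up
    # explicitly or drop the option.
    package = lib.mkOption {
      type = lib.types.package;
      default = pkgs.iptables;
      description = "Firewall package to use";
    };

    # `types.port` limits entries to 0-65535, so a typo such as 80800 or a
    # negative number is rejected at this option with a clear message instead
    # of further downstream.
    allowedTCPPorts = lib.mkOption {
      type = lib.types.listOf lib.types.port;
      default = [ ];
      description = "Allowed TCP ports";
    };

    allowedUDPPorts = lib.mkOption {
      type = lib.types.listOf lib.types.port;
      default = [ ];
      description = "Allowed UDP ports";
    };
  };

  config = lib.mkIf cfg.enable {
    networking.firewall = {
      enable = true;
      # These lists are not scoped to an interface: every port added through
      # `settings.firewall` is accepted on all of the host's interfaces.
      # Keep the lists minimal and review additions with that exposure in mind.
      allowedTCPPorts = cfg.allowedTCPPorts;
      allowedUDPPorts = cfg.allowedUDPPorts;
    };
  };
}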