authorRvfg <i@rvf6.com>2022-12-23 00:23:23 +0800
committerRvfg <i@rvf6.com>2022-12-23 00:49:24 +0800
commita43c7b2a70da8e7ed82749daf4c13543876b44cf (patch)
tree240be2cb7082324242a24079b6467d00837abf8b /nixos/modules/services/audio
parent2379de680d8c7d652cfc9a94b7e42691846c70a4 (diff)
nixos/{firewall, nat}: add a nftables based implementation
Diffstat (limited to 'nixos/modules/services/audio')
-rw-r--r--nixos/modules/services/audio/roon-bridge.nix7
-rw-r--r--nixos/modules/services/audio/roon-server.nix7
2 files changed, 12 insertions, 2 deletions
diff --git a/nixos/modules/services/audio/roon-bridge.nix b/nixos/modules/services/audio/roon-bridge.nix
index db84ba286221..e9335091ba9a 100644
--- a/nixos/modules/services/audio/roon-bridge.nix
+++ b/nixos/modules/services/audio/roon-bridge.nix
@@ -53,13 +53,18 @@ in {
     networking.firewall = mkIf cfg.openFirewall {
       allowedTCPPortRanges = [{ from = 9100; to = 9200; }];
       allowedUDPPorts = [ 9003 ];
-      extraCommands = ''
+      extraCommands = optionalString (!config.networking.nftables.enable) ''
         iptables -A INPUT -s 224.0.0.0/4 -j ACCEPT
         iptables -A INPUT -d 224.0.0.0/4 -j ACCEPT
         iptables -A INPUT -s 240.0.0.0/5 -j ACCEPT
         iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
         iptables -A INPUT -m pkttype --pkt-type broadcast -j ACCEPT
       '';
+      extraInputRules = optionalString config.networking.nftables.enable ''
+        ip saddr { 224.0.0.0/4, 240.0.0.0/5 } accept
+        ip daddr 224.0.0.0/4 accept
+        pkttype { multicast, broadcast } accept
+      '';
     };
 
 
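Review bot: The added `extraInputRules` line `ip saddr { 224.0.0.0/4, 240.0.0.0/5 } accept` matches on source address alone, with no protocol, port or interface qualifier, so with `openFirewall` set any packet that claims a multicast or reserved source is accepted on every local port. Multicast addresses are not valid packet sources, so this rule most likely admits only spoofed or malformed traffic and could be dropped; `240.0.0.0/5` also does not cover 255.255.255.255, so it is presumably not doing what was intended for broadcast. `pkttype { multicast, broadcast } accept` and `ip daddr 224.0.0.0/4 accept` are likewise port-agnostic and expose every listening service to multicast and broadcast senders on the segment; if only group membership traffic is needed, something narrower such as `ip protocol igmp accept` would do, to be confirmed against what Roon discovery requires. The nftables text mirrors the existing iptables rules, so the same breadth applies to the `extraCommands` branch here and to the identical block added in roon-server.nix. If the rules stay as they are, a comment like `# accepts ALL multicast/broadcast traffic, not just Roon ports` above them would make the scope visible to anyone enabling `openFirewall`.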
diff --git a/nixos/modules/services/audio/roon-server.nix b/nixos/modules/services/audio/roon-server.nix
index 74cae909f5db..fbe74f63b9da 100644
--- a/nixos/modules/services/audio/roon-server.nix
+++ b/nixos/modules/services/audio/roon-server.nix
@@ -58,7 +58,7 @@ in {
         { from = 30000; to = 30010; }
       ];
       allowedUDPPorts = [ 9003 ];
-      extraCommands = ''
+      extraCommands = optionalString (!config.networking.nftables.enable) ''
         ## IGMP / Broadcast ##
         iptables -A INPUT -s 224.0.0.0/4 -j ACCEPT
         iptables -A INPUT -d 224.0.0.0/4 -j ACCEPT
@@ -66,6 +66,11 @@ in {
         iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
         iptables -A INPUT -m pkttype --pkt-type broadcast -j ACCEPT
       '';
+      extraInputRules = optionalString config.networking.nftables.enable ''
+        ip saddr { 224.0.0.0/4, 240.0.0.0/5 } accept
+        ip daddr 224.0.0.0/4 accept
+        pkttype { multicast, broadcast } accept
+      '';
     };