nixos/samba-wsdd: add openFirewall option

1 files changed, 12 insertions, 7 deletions

diff --git a/nixos/modules/services/network-filesystems/samba-wsdd.nix b/nixos/modules/services/network-filesystems/samba-wsdd.nix
index 24407f05de6a..ad600796217b 100644
--- a/nixos/modules/services/network-filesystems/samba-wsdd.nix
+++ b/nixos/modules/services/network-filesystems/samba-wsdd.nix
@@ -11,13 +11,6 @@ in {
       enable = mkEnableOption (lib.mdDoc ''
         Web Services Dynamic Discovery host daemon. This enables (Samba) hosts, like your local NAS device,
         to be found by Web Service Discovery Clients like Windows.
-
-        ::: {.note}
-        If you use the firewall consider adding the following:
-
-            networking.firewall.allowedTCPPorts = [ 5357 ];
-            networking.firewall.allowedUDPPorts = [ 3702 ];
-        :::
       '');
       interface = mkOption {
         type = types.nullOr types.str;
@@ -31,6 +24,13 @@ in {
         example = 2;
         description = lib.mdDoc "Hop limit for multicast packets (default = 1).";
       };
+      openFirewall = mkOption {
+        description = lib.mdDoc ''
+          Whether to open the required firewall ports in the firewall.
+        '';
+        default = false;
+        type = lib.types.bool;
+      };
       workgroup = mkOption {
         type = types.nullOr types.str;
         default = null;
@@ -120,5 +120,10 @@ in {
         SystemCallFilter = "~@cpu-emulation @debug @mount @obsolete @privileged @resources";
       };
     };
+
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ 5357 ];
+      allowedUDPPorts = [ 3702 ];
+    };
   };
 }