author | Peter Hoeg <peter@speartail.com> | 2017-02-05 15:36:41 +0800 |
---|---|---|
committer | Peter Hoeg <peter@hoeg.com> | 2017-10-14 14:38:04 +0800 |
commit | 178a96f99be69a173669254295d5a06732e7a906 (patch) | |
tree | f78c5aed98e4dacf74097ac68eafbc97eac20481 /nixos | |
parent | fde0bad57796e29337e8a1f1dcbb0164f5e56b1c (diff) | |
firewalld: init at 0.4.4.4
Includes systemd module.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/networking/firewalld.nix | 53 |
2 files changed, 54 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 5e6b42dea543..1eef781a31df 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -437,6 +437,7 @@
 ./services/networking/firefox/sync-server.nix
 ./services/networking/fireqos.nix
 ./services/networking/firewall.nix
+ ./services/networking/firewalld.nix
 ./services/networking/flannel.nix
 ./services/networking/flashpolicyd.nix
 ./services/networking/freenet.nix
diff --git a/nixos/modules/services/networking/firewalld.nix b/nixos/modules/services/networking/firewalld.nix
new file mode 100644
index 000000000000..02d694af3907
--- /dev/null
+++ b/nixos/modules/services/networking/firewalld.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.networking.firewalld;
+
+in {
+ ###### interface
+
+ options = {
+ networking.firewalld = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description =
+ ''
+ Whether to enable firewalld. firewalld is a high-level Linux-based packet
+ filtering framework intended for desktop use cases.
+
+ This conflicts with the standard networking firewall, so make sure to
+ disable it before using firewalld.
+ '';
+ };
+ };
+ };
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+ assertions = [{
+ assertion = config.networking.firewall.enable == false;
+ message = "You can not use firewalld with services.networking.firewall.";
+ }];
+
+ environment.etc = [
+ { source = "${pkgs.firewalld}/etc/firewalld";
+ target = "firewalld"; }
+ ];
+
+ services = {
+ dbus.packages = with pkgs; [ firewalld ];
+ };
+
+ systemd = {
+ packages = with pkgs; [ firewalld ];
+
+ services.firewalld = {
+ wantedBy = [ "multi-user.target" ];
+ };
+ };
+ };
+}
|
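Review bot: The assertion message in the new `config` block of firewalld.nix points users at `services.networking.firewall`, but the option the assertion actually tests is `networking.firewall.enable`, so the error names an option path other than the one being checked. Because this assertion is what makes a user switch off the host's standard packet filter, the message should name the exact option, for example `message = "networking.firewalld.enable conflicts with networking.firewall.enable; set networking.firewall.enable = false.";`, and the test reads more idiomatically as `assertion = !config.networking.firewall.enable;`. It also looks as if the active policy then becomes whatever the package ships under `${pkgs.firewalld}/etc/firewalld`, linked into `/etc/firewalld` from the store (presumably read-only, so permanent runtime changes may not persist; worth confirming). The option description should say so, since the module exposes no way to configure zones or services.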