author | Markus S. Wamser <github-dev@mail2013.wamser.eu> | 2021-09-04 23:03:26 +0200 |
---|---|---|
committer | Sandro Jäckel <sandro.jaeckel@gmail.com> | 2022-09-10 23:48:20 +0200 |
commit | b20df24e2c3af148669d184665ce7deedf5ce289 (patch) | |
tree | dc4d308e3c1092a402b48ffdbb10911b872b8d20 /nixos | |
parent | d68d3438fc6a8cecd1282b5e8bd176aceaccb81b (diff) | |
nixos/ausweisapp: init module with firewall option
Optional functionality of AusweisApp2 requires a UDP port to be opened. The module allows for convenient configuration and serves as documentation. See also https://github.com/NixOS/nixpkgs/issues/136269
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2211.section.xml | 8 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2211.section.md | 2 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/programs/ausweisapp.nix | 25 |
4 files changed, 36 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index ad241fa6e5a1..1e9e28d4213d 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml @@ -267,6 +267,14 @@ </listitem> <listitem> <para> + <link xlink:href="https://www.ausweisapp.bund.de/">AusweisApp2</link>, + the authentication software for the German ID card. Available + as + <link linkend="opt-programs.ausweisapp.enable">programs.ausweisapp</link>. + </para> + </listitem> + <listitem> + <para> <link xlink:href="https://github.com/zalando/patroni">Patroni</link>, a template for PostgreSQL HA with ZooKeeper, etcd or Consul. Available as diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index b9ae7f5586f9..abd3a739e6c2 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md @@ -94,6 +94,8 @@ In addition to numerous new and upgraded packages, this release has the followin - [Grafana Tempo](https://www.grafana.com/oss/tempo/), a distributed tracing store. Available as [services.tempo](#opt-services.tempo.enable). +- [AusweisApp2](https://www.ausweisapp.bund.de/), the authentication software for the German ID card. Available as [programs.ausweisapp](#opt-programs.ausweisapp.enable). + - [Patroni](https://github.com/zalando/patroni), a template for PostgreSQL HA with ZooKeeper, etcd or Consul. Available as [services.patroni](options.html#opt-services.patroni.enable). diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 12692d7bfbe6..e6f077dd5d08 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix 
@@ -128,6 +128,7 @@
 ./programs/adb.nix
 ./programs/appgate-sdp.nix
 ./programs/atop.nix
+ ./programs/ausweisapp.nix
 ./programs/autojump.nix
 ./programs/bandwhich.nix
 ./programs/bash/bash.nix
diff --git a/nixos/modules/programs/ausweisapp.nix b/nixos/modules/programs/ausweisapp.nix
new file mode 100644
index 000000000000..ef1f059568c6
--- /dev/null
+++ b/nixos/modules/programs/ausweisapp.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.programs.ausweisapp;
+in
+{
+ options.programs.ausweisapp = {
+ enable = mkEnableOption (lib.mdDoc "AusweisApp2");
+
+ openFirewall = mkOption {
+ description = lib.mdDoc ''
+ Whether to open the required firewall ports for the Smartphone as Card Reader (SaC) functionality of AusweisApp2.
+ '';
+ default = false;
+ type = lib.types.bool;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [ AusweisApp2 ];
+ networking.firewall.allowedUDPPorts = lib.optionals cfg.openFirewall [ 24727 ];
+ };
+}
|
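Review bot: The `openFirewall` description in the new ausweisapp.nix says "the required firewall ports" without naming them, while the config line opens exactly one, UDP 24727, through the global `networking.firewall.allowedUDPPorts` list, which is not scoped to an interface. Someone enabling this on a machine that moves between networks should be able to see that exposure from the option docs. I would word it as `Whether to open UDP port 24727 in the firewall, on all interfaces, for the Smartphone as Card Reader (SaC) functionality of AusweisApp2.` and mention `networking.firewall.interfaces.<name>.allowedUDPPorts` as the narrower alternative for users who only want it on a trusted LAN interface. As a minor style point, the file opens with `with lib;` yet still writes `lib.mdDoc`, `lib.types.bool` and `lib.optionals`, so either the `with` or the prefixes should go.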