-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/services/networking/firewalld.nix53
-rw-r--r--pkgs/os-specific/linux/firewalld/default.nix94
-rw-r--r--pkgs/top-level/all-packages.nix2
4 files changed, 150 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 5e6b42dea543..1eef781a31df 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -437,6 +437,7 @@
   ./services/networking/firefox/sync-server.nix
   ./services/networking/fireqos.nix
   ./services/networking/firewall.nix
+  ./services/networking/firewalld.nix
   ./services/networking/flannel.nix
   ./services/networking/flashpolicyd.nix
   ./services/networking/freenet.nix
diff --git a/nixos/modules/services/networking/firewalld.nix b/nixos/modules/services/networking/firewalld.nix
new file mode 100644
index 000000000000..02d694af3907
--- /dev/null
+++ b/nixos/modules/services/networking/firewalld.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.networking.firewalld;
+
+in {
+  ###### interface
+
+  options = {
+    networking.firewalld = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description =
+          ''
+            Whether to enable firewalld.  firewalld is a high-level Linux-based packet
+            filtering framework intended for desktop use cases.
+
+            This conflicts with the standard networking firewall, so make sure to
+            disable it before using firewalld.
+          '';
+      };
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+    assertions = [{
+      assertion = config.networking.firewall.enable == false;
+      message = "You can not use firewalld with services.networking.firewall.";
+    }];
+
+    environment.etc = [
+    { source = "${pkgs.firewalld}/etc/firewalld";
+      target = "firewalld"; }
+    ];
+
+    services = {
+      dbus.packages = with pkgs; [ firewalld ];
+    };
+
+    systemd = {
+      packages = with pkgs; [ firewalld ];
+
+      services.firewalld = {
+        wantedBy = [ "multi-user.target" ];
+      };
+    };
+  };
+}
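Review bot: The assertion message on the `message =` line names an option that does not exist — the check one line above reads `config.networking.firewall.enable`, so a user who trips it is sent looking for `services.networking.firewall`; use `message = "networking.firewalld conflicts with networking.firewall; set networking.firewall.enable = false.";`. That assertion is the only guard against two rule managers rewriting the same kernel tables, so it is worth extending it to any other firewall module this nixpkgs tree carries (an nftables module, if one is present) rather than only `networking.firewall`. The `environment.etc` entry points `/etc/firewalld` at a read-only store path, which presumably means `firewall-cmd --permanent` changes cannot be written there and an admin who expects persisted zones gets runtime-only rules that vanish on restart — confirm that, and if so state it in the option description, e.g. `/etc/firewalld is provided from the Nix store and is read-only; permanent configuration must be done declaratively.`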
diff --git a/pkgs/os-specific/linux/firewalld/default.nix b/pkgs/os-specific/linux/firewalld/default.nix
new file mode 100644
index 000000000000..6b2e58038759
--- /dev/null
+++ b/pkgs/os-specific/linux/firewalld/default.nix
@@ -0,0 +1,94 @@
+{ stdenv, lib, fetchFromGitHub
+, autoreconfHook, docbook_xml_dtd_42, docbook_xsl, gettext, python3Packages
+, intltool, libxslt, dbus, pkgconfig, iptables, ebtables, ipset, glib, kmod
+, withKde ? true, plasma-nm ? null
+}:
+
+let
+  slip = python3Packages.buildPythonPackage rec {
+    name = "python-slip-${version}";
+    version = "0.6.4";
+
+    src = fetchFromGitHub {
+      owner  = "nphilipp";
+      repo   = "python-slip";
+      rev    = name;
+      sha256 = "07zyxy62738dzsvifm1241k0zx5l3xl6s5yfhyn88wc59fa8p570";
+    };
+
+    doCheck = false; # no tests
+
+    buildPhase = ''
+      runHook preBuild
+      export PREFIX=$out
+      make
+      runHook postBuild
+    '';
+
+    installPhase = ''
+      runHook preInstall
+      make install
+      runHook postInstall
+    '';
+
+  };
+
+in python3Packages.buildPythonApplication rec {
+  name = "firewalld-${version}";
+  version = "0.4.4.4";
+
+  src = fetchFromGitHub {
+    owner  = "t-woerner";
+    repo   = "firewalld";
+    rev    = "v${version}";
+    sha256 = "048flfcsi3ibp124k01hhf9bnbpyi3b92jgc96fhfvw6ns2l48qc";
+  };
+
+  doCheck = false; # no tests
+
+  propagatedBuildInputs = with python3Packages; [
+    dbus
+    decorator
+    pygobject3
+    pyqt5
+    six
+    slip
+  ];
+
+  buildInputs = [
+    autoreconfHook pkgconfig
+    docbook_xml_dtd_42 docbook_xsl gettext intltool libxslt
+    dbus ebtables glib ipset iptables
+  ];
+
+  preConfigure = ''
+    patchShebangs .
+
+    substituteInPlace doc/xml/*.xml \
+      --replace "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" "${docbook_xml_dtd_42}/xml/dtd/docbook/docbookx.dtd"
+
+    substituteInPlace src/firewall-applet \
+      --replace /usr/bin/kde5-nm-connection-editor ${lib.getBin plasma-nm}/bin/kde5-nm-connection-editor
+
+    export MODINFO=${kmod}/bin/modinfo
+    export MODPROBE=${kmod}/bin/modprobe
+    export RMMOD=${kmod}/bin/rmmod
+  '';
+
+  buildPhase = ''
+    ./autogen.sh --prefix=$out
+    make
+  '';
+
+  installPhase = ''
+    make install $out
+    cp -r config/{helpers,icmptypes,ipsets,services,zones} $out/etc/firewalld
+  '';
+
+  meta = with lib; {
+    description = "A service daemon with D-Bus interface";
+    license = licenses.gpl2;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ peterhoeg ];
+  };
+}
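Review bot: `withKde` is accepted but never read, so the `substituteInPlace src/firewall-applet` call in preConfigure is unconditional and the `plasma-nm ? null` default the signature advertises cannot actually be used — `${lib.getBin plasma-nm}` fails evaluation on null. Gate the substitution on the flag and make the dependency explicit with `assert withKde -> plasma-nm != null;` between the argument set and `let`. Separately, `make install $out` in installPhase passes the output path as an extra make goal, which looks like a stray argument; plain `make install` (the prefix was already given to `./autogen.sh --prefix=$out`) appears to be what is meant. `doCheck = false; # no tests` is worth re-checking against the upstream tree at this tag — if it does ship a test suite the comment is misleading, and disabling checks on a packet-filter daemon deserves a stated reason in the comment.

```nix
}:

assert withKde -> plasma-nm != null;

# … unchanged: slip, name/version/src, propagatedBuildInputs, buildInputs …

  preConfigure = ''
    patchShebangs .

    substituteInPlace doc/xml/*.xml \
      --replace "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" "${docbook_xml_dtd_42}/xml/dtd/docbook/docbookx.dtd"
  '' + lib.optionalString withKde ''
    substituteInPlace src/firewall-applet \
      --replace /usr/bin/kde5-nm-connection-editor ${lib.getBin plasma-nm}/bin/kde5-nm-connection-editor
  '' + ''
    export MODINFO=${kmod}/bin/modinfo
    # … unchanged: MODPROBE / RMMOD exports …
  '';

# … unchanged: buildPhase …

  installPhase = ''
    make install
    cp -r config/{helpers,icmptypes,ipsets,services,zones} $out/etc/firewalld
  '';
```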
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 565b17984ced..037e133a7d0d 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -12212,6 +12212,8 @@ with pkgs;
 
   firejail = callPackage ../os-specific/linux/firejail {};
 
+  firewalld = callPackage ../os-specific/linux/firewalld {};
+
   fnotifystat = callPackage ../os-specific/linux/fnotifystat { };
 
   forkstat = callPackage ../os-specific/linux/forkstat { };