2 files changed, 54 insertions, 0 deletions

diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 5e6b42dea543..1eef781a31df 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -437,6 +437,7 @@
   ./services/networking/firefox/sync-server.nix
   ./services/networking/fireqos.nix
   ./services/networking/firewall.nix
+  ./services/networking/firewalld.nix
   ./services/networking/flannel.nix
   ./services/networking/flashpolicyd.nix
   ./services/networking/freenet.nix
diff --git a/nixos/modules/services/networking/firewalld.nix b/nixos/modules/services/networking/firewalld.nix
new file mode 100644
index 000000000000..02d694af3907
--- /dev/null
+++ b/nixos/modules/services/networking/firewalld.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.networking.firewalld;
+
+in {
+  ###### interface
+
+  options = {
+    networking.firewalld = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description =
+          ''
+            Whether to enable firewalld.  firewalld is a high-level Linux-based packet
+            filtering framework intended for desktop use cases.
+
+            This conflicts with the standard networking firewall, so make sure to
+            disable it before using firewalld.
+          '';
+      };
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+    assertions = [{
+      assertion = config.networking.firewall.enable == false;
+      message = "You can not use firewalld with services.networking.firewall.";
+    }];
+
+    environment.etc = [
+    { source = "${pkgs.firewalld}/etc/firewalld";
+      target = "firewalld"; }
+    ];
+
+    services = {
+      dbus.packages = with pkgs; [ firewalld ];
+    };
+
+    systemd = {
+      packages = with pkgs; [ firewalld ];
+
+      services.firewalld = {
+        wantedBy = [ "multi-user.target" ];
+      };
+    };
+  };
+}