Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/networking/firewalld.nix | 53 |
2 files changed, 54 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 5e6b42dea543..1eef781a31df 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -437,6 +437,7 @@
 ./services/networking/firefox/sync-server.nix
 ./services/networking/fireqos.nix
 ./services/networking/firewall.nix
+ ./services/networking/firewalld.nix
 ./services/networking/flannel.nix
 ./services/networking/flashpolicyd.nix
 ./services/networking/freenet.nix
diff --git a/nixos/modules/services/networking/firewalld.nix b/nixos/modules/services/networking/firewalld.nix
new file mode 100644
index 000000000000..02d694af3907
--- /dev/null
+++ b/nixos/modules/services/networking/firewalld.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.networking.firewalld;
+
+in {
+ ###### interface
+
+ options = {
+ networking.firewalld = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description =
+ ''
+ Whether to enable firewalld. firewalld is a high-level Linux-based packet
+ filtering framework intended for desktop use cases.
+
+ This conflicts with the standard networking firewall, so make sure to
+ disable it before using firewalld.
+ '';
+ };
+ };
+ };
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+ assertions = [{
+ assertion = config.networking.firewall.enable == false;
+ message = "You can not use firewalld with services.networking.firewall.";
+ }];
+
+ environment.etc = [
+ { source = "${pkgs.firewalld}/etc/firewalld";
+ target = "firewalld"; }
+ ];
+
+ services = {
+ dbus.packages = with pkgs; [ firewalld ];
+ };
+
+ systemd = {
+ packages = with pkgs; [ firewalld ];
+
+ services.firewalld = {
+ wantedBy = [ "multi-user.target" ];
+ };
+ };
+ };
+} |
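Review bot: In the new firewalld.nix, `environment.etc` links `/etc/firewalld` to `${pkgs.firewalld}/etc/firewalld`, a read-only store path, and the module exposes no option for zones or services, so the host's filtering policy is whatever the package ships. Permanent changes, which firewalld keeps under `/etc/firewalld`, will presumably fail to save. Because the assertion forces the stock `networking.firewall` off first, the `enable` description should state this, for example `Rules come from the packaged defaults in /etc/firewalld, which is read-only; review the default zone before disabling networking.firewall.` The assertion message also names an option path that is not the one being checked (`services.networking.firewall` rather than `networking.firewall.enable`); I would write `assertion = !config.networking.firewall.enable;` with `message = "networking.firewalld.enable requires networking.firewall.enable = false.";`.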