From 7f015d342fc152b4b9135ed24d79daebe9e95b2f Mon Sep 17 00:00:00 2001
From: James Patrick
Date: Sun, 14 Aug 2022 20:33:40 -0400
Subject: [PATCH] Refactor of the networking part. Added new option. `config.system.networking.allowedPorts` as well as a boolean for enabling/disabling this.
---
 modules/system/networking.nix | 39 ++++++++++++++++++++++++++++-------
 profiles/laptop.nix | 2 --
 2 files changed, 31 insertions(+), 10 deletions(-)
diff --git a/modules/system/networking.nix b/modules/system/networking.nix
index c2f00f6..3536ae6 100644
--- a/modules/system/networking.nix
+++ b/modules/system/networking.nix
@@ -1,11 +1,34 @@
-{ config, lib, pkgs, ... }: {
- programs.mtr.enable = true;
- networking = {
- firewall = {
- enable = true;
- allowedTCPPorts = [ 443 80 ];
- allowedUDPPorts = [ 443 80 ];
- allowPing = false;
+{ config, lib, pkgs, user, ... }:
+let
+ this = config.system.networking;
+in
+with lib; {
+ options = {
+ system.networking = {
+ enable = mkOption {
+ default = true;
+ type = with types; bool;
+ };
+
+ allowedPorts = mkOption {
+ default = with pkgs; [ 443 80 ];
+ type = with types; listOf port;
+ description = "List of ports that can be opened. Applies to both UDP and TCP";
+ };
+ };
+ };
+
+ config = mkIf this.enable {
+ networking.networkmanager.enable = true;
+ users.users."${user.name}".extraGroups = [ "networkmanager" ];
+ programs.mtr.enable = true;
+ networking = {
+ firewall = {
+ enable = true;
+ allowedTCPPorts = this.allowedPorts;
+ allowedUDPPorts = this.allowedPorts;
+ allowPing = false;
+ };
 };
 };
 }
diff --git a/profiles/laptop.nix b/profiles/laptop.nix
index 54b2703..811fccc 100644
--- a/profiles/laptop.nix
+++ b/profiles/laptop.nix
@@ -1,6 +1,4 @@
 { config, lib, pkgs, user, ... }: {
 imports = [ ./graphical.nix ];
 my.system.boot.enable = true;
- networking.networkmanager.enable = true;
- users.users."${user.name}".extraGroups = [ "networkmanager" ];
 }
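Review bot: `allowedUDPPorts = this.allowedPorts;` in the new `firewall` block opens every listed port on UDP as well as TCP, so a host that adds a TCP-only service through `system.networking.allowedPorts` also exposes that port number on UDP, and the default keeps 80/udp and 443/udp open wherever the module is enabled. Splitting the option into separate TCP and UDP lists, with the UDP default empty unless a host actually serves HTTP/3, keeps the firewall at what each host needs; the sketch below shows the two options and where they are consumed. Separately, `networking.networkmanager.enable` and the `networkmanager` group membership moved from profiles/laptop.nix into `mkIf this.enable` with `enable` defaulting to true, so any configuration that imports this module now appears to get NetworkManager and the extra group, not only the laptop profile; if that is not intended, gate those two lines behind their own option.

```nix
# … unchanged: enable option …
allowedTCPPorts = mkOption {
  default = [ 443 80 ];
  type = with types; listOf port;
  description = "TCP ports opened in the firewall.";
};

allowedUDPPorts = mkOption {
  default = [ ];
  type = with types; listOf port;
  description = "UDP ports opened in the firewall.";
};
# … unchanged: NetworkManager, group membership, mtr …
firewall = {
  enable = true;
  allowedTCPPorts = this.allowedTCPPorts;
  allowedUDPPorts = this.allowedUDPPorts;
  allowPing = false;
```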