Refactor of the networking part.
Added a new option, `config.system.networking.allowedPorts`, as well as a boolean for enabling/disabling this.
parent
95e6223340
commit
7f015d342f
|
@ -1,11 +1,34 @@
|
|||
{ config, lib, pkgs, ... }: {
|
||||
{ config, lib, pkgs, user, ... }:
|
||||
let
|
||||
this = config.system.networking;
|
||||
in
|
||||
with lib; {
|
||||
options = {
|
||||
system.networking = {
|
||||
enable = mkOption {
|
||||
default = true;
|
||||
type = with types; bool;
|
||||
};
|
||||
|
||||
allowedPorts = mkOption {
|
||||
default = with pkgs; [ 443 80 ];
|
||||
type = with types; listOf port;
|
||||
description = "List of ports that can be opened. Applies to both UDP and TCP";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf this.enable {
|
||||
networking.networkmanager.enable = true;
|
||||
users.users."${user.name}".extraGroups = [ "networkmanager" ];
|
||||
programs.mtr.enable = true;
|
||||
networking = {
|
||||
firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 443 80 ];
|
||||
allowedUDPPorts = [ 443 80 ];
|
||||
allowedTCPPorts = this.allowedPorts;
|
||||
allowedUDPPorts = this.allowedPorts;
|
||||
allowPing = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
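Review bot: `allowedPorts` is assigned to both `allowedTCPPorts` and `allowedUDPPorts`, so any port a host adds for one protocol is also opened for the other, and the `[ 443 80 ]` default opens both ports on both protocols on every host where `enable` is left at its default of `true`. Splitting this into separate TCP and UDP options, or at least using `default = [ ];` so each host opts in to the ports it actually serves, would keep the firewall closer to least privilege. The `with pkgs;` in front of the default list is not needed, since the list holds only integers, and the `enable` option would benefit from a `description` such as `"Whether to enable NetworkManager, mtr and the firewall rules of this module."`.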
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
{ config, lib, pkgs, user, ... }: {
|
||||
imports = [ ./graphical.nix ];
|
||||
my.system.boot.enable = true;
|
||||
networking.networkmanager.enable = true;
|
||||
users.users."${user.name}".extraGroups = [ "networkmanager" ];
|
||||
}
|
||||
|
|