23 lines
643 B
Nix
23 lines
643 B
Nix
{ config, lib, ... }:
|
|
|
|
let
|
|
cfg = config.systemSettings.security.firewall;
|
|
in {
|
|
options = {
|
|
systemSettings.security.firewall = {
|
|
# TODO make this more granular and better :|
|
|
enable = lib.mkEnableOption "Actvate firewall with ports open only for syncthing";
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
# Firewall
|
|
networking.firewall.enable = true;
|
|
# Open ports in the firewall.
|
|
networking.firewall.allowedTCPPorts = [ 22000 21027 ]; # syncthing
|
|
networking.firewall.allowedUDPPorts = [ 22000 21027 ]; # syncthing
|
|
# Or disable the firewall altogether.
|
|
# networking.firewall.enable = false;
|
|
};
|
|
}
|