Merge pull request #148049 from hexagonal-sun/shairport-firewall-rules

nixos/shairport-sync: add firewall rules
2021-12-02 15:21:28 -05:00 · 2021-12-02 15:21:28 -05:00 · ac573f3975
parent d3a2719fe8 ea90c516e7
commit ac573f3975
1 changed files with 14 additions and 0 deletions
--- a/nixos/modules/services/networking/shairport-sync.nix
+++ b/nixos/modules/services/networking/shairport-sync.nix
@ -36,6 +36,14 @@ in
        '';
      };

+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to automatically open ports in the firewall.
+        '';
+      };
+
      user = mkOption {
        type = types.str;
        default = "shairport";
@ -66,6 +74,12 @@ in
        extraGroups = [ "audio" ] ++ optional config.hardware.pulseaudio.enable "pulse";
      };

+
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ 5000 ];
+      allowedUDPPortRanges = [ { from = 6001; to = 6011; } ];
+    };
+
    systemd.services.shairport-sync =
      {
        description = "shairport-sync";