From ea90c516e79a9231acef34e369c544836242ef34 Mon Sep 17 00:00:00 2001 From: Matthew Leach Date: Tue, 30 Nov 2021 19:16:08 +0000 Subject: [PATCH] nixos/shairport-sync: add firewall rules Add an option to automatically open the firewall for shairport. --- .../modules/services/networking/shairport-sync.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/nixos/modules/services/networking/shairport-sync.nix b/nixos/modules/services/networking/shairport-sync.nix index ac526c0e9f6f..bd24931abb01 100644 --- a/nixos/modules/services/networking/shairport-sync.nix +++ b/nixos/modules/services/networking/shairport-sync.nix @@ -36,6 +36,14 @@ in ''; }; + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Whether to automatically open ports in the firewall. + ''; + }; + user = mkOption { type = types.str; default = "shairport"; @@ -66,6 +74,12 @@ in extraGroups = [ "audio" ] ++ optional config.hardware.pulseaudio.enable "pulse"; }; + + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ 5000 ]; + allowedUDPPortRanges = [ { from = 6001; to = 6011; } ]; + }; + systemd.services.shairport-sync = { description = "shairport-sync";
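Review bot: The `description` of the new `openFirewall` option does not say which ports are opened, or that they are opened on every interface, so someone enabling it cannot judge the exposure without reading the module source. I would name the values used by the `networking.firewall` block in the second hunk, for example `Whether to automatically open TCP port 5000 and UDP ports 6001-6011 in the firewall.` It would also help to add a sentence saying that the rule is not limited to a particular interface.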
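Review bot: The ports in `allowedTCPPorts = [ 5000 ];` and `allowedUDPPortRanges = [ { from = 6001; to = 6011; } ];` are hard-coded, but shairport-sync lets the listening port and UDP base be changed at run time. If the daemon is started with non-default values, the firewall will keep the default ports open and leave the ones actually in use closed. A comment above the block such as `# shairport-sync defaults: RTSP on TCP 5000, UDP 6001-6011; keep in sync with the daemon's port settings` would make that coupling visible. Because `networking.firewall.allowedTCPPorts` applies to all interfaces, the option text could also point users who want the receiver reachable from one network only to `networking.firewall.interfaces.<name>` instead. The `systemd.services.shairport-sync` definition continues outside this hunk, so how the daemon's arguments are passed is not visible here.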