nixos/mosh: add `programs.mosh.openFirewall`

author: Michael Hoang <enzime@users.noreply.github.com> 2023-12-10 21:16:09 +1100
committer: Michael Hoang <enzime@users.noreply.github.com> 2023-12-16 12:57:20 +1100
commit: 5a211498edf9d124a5bcb647ca78a20d73c61cbe (patch)
tree: aea2dd5b1c974411fcd11cdc0fb1c5779e90ba4c /nixos/modules/programs/mosh.nix
parent: f9be47e08cd957bfddb93fa080810798057be047 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/nixos/modules/programs/mosh.nix b/nixos/modules/programs/mosh.nix
index 012cd2c895d9d..593246ab6dcd1 100644
--- a/nixos/modules/programs/mosh.nix
+++ b/nixos/modules/programs/mosh.nix
@@ -8,6 +8,10 @@ in
 {
   options.programs.mosh = {
     enable = lib.mkEnableOption "mosh";
+    openFirewall = lib.mkEnableOption "" // {
+      description = "Whether to automatically open the necessary ports in the firewall.";
+      default = true;
+    };
     withUtempter = lib.mkEnableOption "" // {
       description = lib.mdDoc ''
         Whether to enable libutempter for mosh.
@@ -21,7 +25,7 @@ in
 
   config = lib.mkIf cfg.enable {
     environment.systemPackages = [ pkgs.mosh ];
-    networking.firewall.allowedUDPPortRanges = [ { from = 60000; to = 61000; } ];
+    networking.firewall.allowedUDPPortRanges = lib.optional cfg.openFirewall { from = 60000; to = 61000; };
     security.wrappers = lib.mkIf cfg.withUtempter {
       utempter = {
         source = "${pkgs.libutempter}/lib/utempter/utempter";
author	Michael Hoang <enzime@users.noreply.github.com>	2023-12-10 21:16:09 +1100
committer	Michael Hoang <enzime@users.noreply.github.com>	2023-12-16 12:57:20 +1100
commit	5a211498edf9d124a5bcb647ca78a20d73c61cbe (patch)
tree	aea2dd5b1c974411fcd11cdc0fb1c5779e90ba4c /nixos/modules/programs/mosh.nix
parent	f9be47e08cd957bfddb93fa080810798057be047 (diff)