authorMarkus S. Wamser <github-dev@mail2013.wamser.eu>2021-09-04 23:03:26 +0200
committerSandro Jäckel <sandro.jaeckel@gmail.com>2022-09-10 23:48:20 +0200
commitb20df24e2c3af148669d184665ce7deedf5ce289 (patch)
treedc4d308e3c1092a402b48ffdbb10911b872b8d20 /nixos/modules/programs
parentd68d3438fc6a8cecd1282b5e8bd176aceaccb81b (diff)
nixos/ausweisapp: init module with firewall option
Optional functionality of AusweisApp2 requires a UDP port to be opened.
The module allows for convenient configuration and serves as documentation.
See also https://github.com/NixOS/nixpkgs/issues/136269
Diffstat (limited to 'nixos/modules/programs')
-rw-r--r--nixos/modules/programs/ausweisapp.nix25
1 files changed, 25 insertions, 0 deletions
diff --git a/nixos/modules/programs/ausweisapp.nix b/nixos/modules/programs/ausweisapp.nix
new file mode 100644
index 0000000000000..ef1f059568c6a
--- /dev/null
+++ b/nixos/modules/programs/ausweisapp.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg  = config.programs.ausweisapp;
+in
+{
+  options.programs.ausweisapp = {
+    enable = mkEnableOption (lib.mdDoc "AusweisApp2");
+
+    openFirewall = mkOption {
+      description = lib.mdDoc ''
+        Whether to open the required firewall ports for the Smartphone as Card Reader (SaC) functionality of AusweisApp2.
+      '';
+      default = false;
+      type = lib.types.bool;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [ AusweisApp2 ];
+    networking.firewall.allowedUDPPorts = lib.optionals cfg.openFirewall [ 24727 ];
+  };
+}
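Review bot: The `openFirewall` description does not say which port is opened or on which interfaces, while the `config` block adds UDP 24727 to `networking.firewall.allowedUDPPorts`, which is the global list and so applies to every interface. I would name the port and scope in the description, e.g. `Whether to open UDP port 24727 on all interfaces for the Smartphone as Card Reader (SaC) functionality of AusweisApp2.`. That tells a user on a laptop that joins untrusted networks what is being exposed, and that they can leave the option off and set `networking.firewall.interfaces.<name>.allowedUDPPorts` for the trusted interface only. As a style point, the file mixes `with lib;` with explicit `lib.` prefixes (`lib.mdDoc`, `lib.types.bool`, `lib.optionals`); using one form throughout would read more cleanly.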