services.murmur: add openFirewall option

author: Felix Buehler <account@buehler.rocks> 2022-07-24 10:27:48 +0200
committer: Felix Buehler <account@buehler.rocks> 2022-07-24 10:32:37 +0200
commit: 17e93b090e5c1470b2c45617c48f85b41df7e224 (patch)
tree: 7a082f26590d7decf22efdb94ff32b81f312f0e3 /nixos/modules/services/networking/murmur.nix
parent: 10812f61cc6e84ad37db5bd245a8c1636f5947b8 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/murmur.nix b/nixos/modules/services/networking/murmur.nix
index 06ec04dbbf16a..84b9936aa6235 100644
--- a/nixos/modules/services/networking/murmur.nix
+++ b/nixos/modules/services/networking/murmur.nix
@@ -59,6 +59,14 @@ in
         description = "If enabled, start the Murmur Mumble server.";
       };
 
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Open ports in the firewall for the Murmur Mumble server.
+        '';
+      };
+
       autobanAttempts = mkOption {
         type = types.int;
         default = 10;
@@ -291,6 +299,11 @@ in
       gid             = config.ids.gids.murmur;
     };
 
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ cfg.port ];
+      allowedUDPPorts = [ cfg.port ];
+    };
+
     systemd.services.murmur = {
       description = "Murmur Chat Service";
       wantedBy    = [ "multi-user.target" ];
author	Felix Buehler <account@buehler.rocks>	2022-07-24 10:27:48 +0200
committer	Felix Buehler <account@buehler.rocks>	2022-07-24 10:32:37 +0200
commit	17e93b090e5c1470b2c45617c48f85b41df7e224 (patch)
tree	7a082f26590d7decf22efdb94ff32b81f312f0e3 /nixos/modules/services/networking/murmur.nix
parent	10812f61cc6e84ad37db5bd245a8c1636f5947b8 (diff)