Merge pull request #262408 from evandeaubl/master

nixos/tailscale: add openFirewall option
author: tomf <tom@tom-fitzhenry.me.uk> 2023-10-28 05:19:41 +1100
committer: GitHub <noreply@github.com> 2023-10-28 05:19:41 +1100
commit: d18f272a39d8879999a55f1c308020e5bf18cab3 (patch)
tree: 13678ae02d754004d319ffb604b2b19a0fc10dea /nixos
parent: 3e8e17821822ef190d72db3a612ea9be5a441ca9 (diff)
parent: 9407ed628de381dbf51d508081ea1564f32f2bff (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/tailscale.nix b/nixos/modules/services/networking/tailscale.nix
index 8b35cc8d66697..a5d171e0baabe 100644
--- a/nixos/modules/services/networking/tailscale.nix
+++ b/nixos/modules/services/networking/tailscale.nix
@@ -31,6 +31,12 @@ in {
 
     package = lib.mkPackageOptionMD pkgs "tailscale" {};
 
+    openFirewall = mkOption {
+      default = false;
+      type = types.bool;
+      description = lib.mdDoc "Whether to open the firewall for the specified port.";
+    };
+
     useRoutingFeatures = mkOption {
       type = types.enum [ "none" "client" "server" "both" ];
       default = "none";
@@ -113,6 +119,8 @@ in {
       "net.ipv6.conf.all.forwarding" = mkOverride 97 true;
     };
 
+    networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ cfg.port ];
+
     networking.firewall.checkReversePath = mkIf (cfg.useRoutingFeatures == "client" || cfg.useRoutingFeatures == "both") "loose";
 
     networking.dhcpcd.denyInterfaces = [ cfg.interfaceName ];
author	tomf <tom@tom-fitzhenry.me.uk>	2023-10-28 05:19:41 +1100
committer	GitHub <noreply@github.com>	2023-10-28 05:19:41 +1100
commit	d18f272a39d8879999a55f1c308020e5bf18cab3 (patch)
tree	13678ae02d754004d319ffb604b2b19a0fc10dea /nixos
parent	3e8e17821822ef190d72db3a612ea9be5a441ca9 (diff)
parent	9407ed628de381dbf51d508081ea1564f32f2bff (diff)