author | Pascal Bach <pascal.bach@nextrem.ch> | 2022-04-21 19:40:20 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-21 19:40:20 +0200 |
commit | d9309f43b3f1c038140662e6a80bfb190547c7b4 (patch) | |
tree | 3ccfea7768b9cbec1c7ddddc24a0cf46eff105ad /nixos/modules | |
parent | c11ee1c598b15a24d18f142f85ee3d438afc39e6 (diff) | |
parent | 0d49836dec33b6749c1775a48d019a4a52a41cc5 (diff) | |
Merge pull request #155424 from tobim/nixos/snapserver-firewall
nixos/snapserver: don't open ports by default
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/audio/snapserver.nix | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/nixos/modules/services/audio/snapserver.nix b/nixos/modules/services/audio/snapserver.nix index 6d5ce98df89..91d97a0b551 100644 --- a/nixos/modules/services/audio/snapserver.nix +++ b/nixos/modules/services/audio/snapserver.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, options, lib, pkgs, ... }: with lib; @@ -101,6 +101,8 @@ in { openFirewall = mkOption { type = types.bool; + # Make the behavior consistent with other services. Set the default to + # false and remove the accompanying warning after NixOS 22.05 is released. default = true; description = '' Whether to automatically open the specified ports in the firewall. @@ -273,10 +275,16 @@ in { config = mkIf cfg.enable { - # https://github.com/badaix/snapcast/blob/98ac8b2fb7305084376607b59173ce4097c620d8/server/streamreader/stream_manager.cpp#L85 - warnings = filter (w: w != "") (mapAttrsToList (k: v: if v.type == "spotify" then '' - services.snapserver.streams.${k}.type = "spotify" is deprecated, use services.snapserver.streams.${k}.type = "librespot" instead. - '' else "") cfg.streams); + warnings = + # https://github.com/badaix/snapcast/blob/98ac8b2fb7305084376607b59173ce4097c620d8/server/streamreader/stream_manager.cpp#L85 + filter (w: w != "") (mapAttrsToList (k: v: if v.type == "spotify" then '' + services.snapserver.streams.${k}.type = "spotify" is deprecated, use services.snapserver.streams.${k}.type = "librespot" instead. + '' else "") cfg.streams) + # Remove this warning after NixOS 22.05 is released. + ++ optional (options.services.snapserver.openFirewall.highestPrio >= (mkOptionDefault null).priority) '' + services.snapserver.openFirewall will no longer default to true starting with NixOS 22.11. + Enable it explicitly if you need to control Snapserver remotely. + ''; systemd.services.snapserver = { after = [ "network.target" ]; 
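Review bot: The new warning string in the `warnings` hunk says to enable `openFirewall` "if you need to control Snapserver remotely", which understates what the option governs. The last hunk shows it gates `cfg.port` as well as `cfg.tcp.port` and `cfg.http.port`, so hosts whose clients only connect to `cfg.port` (presumably the stream port) are affected by the 22.11 change too. I would reword the second line to `Enable it explicitly if Snapserver must be reachable from other hosts.` and have the `openFirewall` description name the three ports it covers. Because `default = true;` is kept for now, a default configuration still exposes all three ports, so the option description should say this until the default flips.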
@@ -304,8 +312,8 @@ in { networking.firewall.allowedTCPPorts = optionals cfg.openFirewall [ cfg.port ] - ++ optional cfg.tcp.enable cfg.tcp.port - ++ optional cfg.http.enable cfg.http.port; + ++ optional (cfg.openFirewall && cfg.tcp.enable) cfg.tcp.port + ++ optional (cfg.openFirewall && cfg.http.enable) cfg.http.port; }; meta = { |
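Review bot: The `cfg.openFirewall &&` guard is now repeated on each `optional` term, so a port added to this list later can skip the gate again, which is the defect this hunk fixes for the tcp and http ports. Keeping the condition in one place avoids that: `optionals cfg.openFirewall ([ cfg.port ] ++ optional cfg.tcp.enable cfg.tcp.port ++ optional cfg.http.enable cfg.http.port);`. Configurations that already set `openFirewall = false` had the tcp and http ports opened anyway before this change and will now find them closed; that is the safer outcome but deserves a release-note line. The enclosing `config = mkIf cfg.enable { … }` block starts outside this hunk.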