Make config.machine.firewall an alias of networking.firewall.

2019-08-27 16:24:59 +02:00 · 2019-08-27 16:24:59 +02:00 · be5ef36567
parent 5d017ce18f
commit be5ef36567
6 changed files with 6 additions and 50 deletions
--- a/config/networking.nix
+++ b/config/networking.nix
@ -5,14 +5,5 @@ let
 in {
  networking = {
    hostName = config.machine.hostName;
-
-    firewall = {
-      enable = true;
-      allowPing = firewallcfg.allowPing;
-      allowedUDPPorts = firewallcfg.allowedUDPPorts;
-      allowedTCPPorts = firewallcfg.allowedTCPPorts;
-      allowedUDPPortRanges = firewallcfg.allowedUDPPortRanges;
-      allowedTCPPortRanges = firewallcfg.allowedTCPPortRanges;
-    };
  };
 }
--- a/machines/CDServer/options.nix
+++ b/machines/CDServer/options.nix
@ -32,11 +32,10 @@ with lib;
      "openssh"
    ];
    firewall = {
+      enable = true;
      allowPing = false;
      allowedUDPPorts = [ 22 80 443 ];
      allowedTCPPorts = [ 80 443 ];
-      allowedUDPPortRanges = [];
-      allowedTCPPortRanges = [];
    };
  };
 }
--- a/machines/DavidsServer/options.nix
+++ b/machines/DavidsServer/options.nix
@ -34,11 +34,10 @@ with lib;
      { domain = "mail.${base}"; service = "mail"; }
    ]);
    firewall = {
+      enable = true;
      allowPing = false;
      allowedUDPPorts = [ 22 80 443 ];
      allowedTCPPorts = [ 80 443 ];
-      allowedUDPPortRanges = [];
-      allowedTCPPortRanges = [];
    };
  };
 }
--- a/machines/Lilim/options.nix
+++ b/machines/Lilim/options.nix
@ -36,9 +36,8 @@ with lib;
      "cups"
    ];
    firewall = {
+      enable = true;
      allowPing = true;
-      allowedUDPPorts = [];
-      allowedTCPPorts = [];
      allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
      allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
    };
--- a/machines/Ophanim/options.nix
+++ b/machines/Ophanim/options.nix
@ -43,11 +43,10 @@ with lib;
      { domain = "git.${base}"; service = "gitea"; }
    ]);
    firewall = {
+      enable = true;
      allowPing = false;
      allowedUDPPorts = [ 22 80 443 ];
-      allowedTCPPorts = [ 80 443 ]; # 5222 5269 ];
-      allowedUDPPortRanges = [];
-      allowedTCPPortRanges = [];
+      allowedTCPPorts = [ 80 443 ];
    };
  };
  config.services.mailman3 = {
--- a/options/machine.nix
+++ b/options/machine.nix
@ -59,38 +59,6 @@ with lib;
        Domain - Service mappings for nginx vHost config.
      '';
    };
-    firewall = {
-        allowPing = mkOption {
-          type = types.bool;
-          description = ''
-            See networking.firewall.allowPing.
-          '';
-        };
-        allowedUDPPorts = mkOption {
-          type = types.listOf types.int;
-          description = ''
-            See networking.firewall.allowerdUDPPorts.
-          '';
-        };
-        allowedTCPPorts = mkOption {
-          type = types.listOf types.int;
-          description = ''
-            See networking.firewall.allowedTCPPorts.
-          '';
-        };
-        allowedUDPPortRanges = mkOption {
-          type = types.listOf (types.attrsOf types.int);
-          description = ''
-            See networking.firewall.allowerdUDPPortRanges.
-          '';
-        };
-        allowedTCPPortRanges = mkOption {
-          type = types.listOf (types.attrsOf types.int);
-          description = ''
-            See networking.firewall.allowedTCPPortRanges.
-          '';
-        };
-    };
    desktop.wms = mkOption {
      type = types.listOf types.string;
      default = [];
@ -99,4 +67,5 @@ with lib;
      '';
    };
  };
+  imports = [(mkAliasOptionModule [ "machine" "firewall" ] [ "networking" "firewall" ])];
 }