modules/dns: Provide the option to open the required firewall ports

1 files changed, 33 insertions, 1 deletions

diff --git a/modules/by-name/dn/dns/module.nix b/modules/by-name/dn/dns/module.nix
index 0b888c5..432ba7e 100644
--- a/modules/by-name/dn/dns/module.nix
+++ b/modules/by-name/dn/dns/module.nix
@@ -13,14 +13,42 @@
     cfg.zones;
 
   dns = import ./dns {inherit lib;};
+
+  ports = let
+    parsePorts = listeners: let
+      splitAddress = addr: lib.splitString "@" addr;
+
+      extractPort = addr: let
+        split = splitAddress addr;
+      in
+        lib.toInt (
+          if (builtins.length split) == 2
+          then builtins.elemAt split 1
+          else "53"
+        );
+    in
+      builtins.map extractPort listeners;
+  in
+    lib.unique (parsePorts cfg.interfaces);
 in {
   options.vhack.dns = {
     enable = lib.mkEnableOption "custom dns server";
 
+    openFirewall = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Open the following ports:
+        TCP (${lib.concatStringsSep ", " (map toString ports)})
+        UDP (${lib.concatStringsSep ", " (map toString ports)})
+      '';
+    };
+
     interfaces = lib.mkOption {
       type = lib.types.listOf lib.types.str;
       description = ''
-        A list of the interfaces to bind to.
+        A list of the interfaces to bind to. To select the port add `@` to the end of the
+        interface. The default port is 53.
       '';
       example = [
         "192.168.1.3"
@@ -40,5 +68,9 @@ in {
       inherit (cfg) interfaces;
       inherit zones;
     };
+
+    networking.firewall.allowedUDPPorts = lib.mkIf cfg.openFirewall ports;
+    networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall ports;
+
   };
 }