-rw-r--r-- | modules/by-name/dn/dns/module.nix | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/modules/by-name/dn/dns/module.nix b/modules/by-name/dn/dns/module.nix index 0b888c5..432ba7e 100644 --- a/modules/by-name/dn/dns/module.nix +++ b/modules/by-name/dn/dns/module.nix @@ -13,14 +13,42 @@ cfg.zones; dns = import ./dns {inherit lib;}; + + ports = let + parsePorts = listeners: let + splitAddress = addr: lib.splitString "@" addr; + + extractPort = addr: let + split = splitAddress addr; + in + lib.toInt ( + if (builtins.length split) == 2 + then builtins.elemAt split 1 + else "53" + ); + in + builtins.map extractPort listeners; + in + lib.unique (parsePorts cfg.interfaces); in { options.vhack.dns = { enable = lib.mkEnableOption "custom dns server"; + openFirewall = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Open the following ports: + TCP (${lib.concatStringsSep ", " (map toString ports)}) + UDP (${lib.concatStringsSep ", " (map toString ports)}) + ''; + }; + interfaces = lib.mkOption { type = lib.types.listOf lib.types.str; description = '' - A list of the interfaces to bind to. + A list of the interfaces to bind to. To select the port add `@` to the end of the + interface. The default port is 53. ''; example = [ "192.168.1.3" @@ -40,5 +68,9 @@ in { inherit (cfg) interfaces; inherit zones; }; + + networking.firewall.allowedUDPPorts = lib.mkIf cfg.openFirewall ports; + networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall ports; + }; } |
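Review bot: `extractPort` falls back to port 53 for every listener that does not split into exactly two parts on `@`, so a malformed entry (for example one containing two `@`) is silently accepted, and the text after `@` reaches `lib.toInt` with no range check. Because `ports` now also feeds the firewall rules, a typo in `interfaces` can open a port nobody asked for or fail with an unrelated evaluation error. I would reject the unexpected case explicitly, e.g. `else if builtins.length split == 1 then "53" else throw "vhack.dns.interfaces: malformed listener '${addr}'"`, and assert the parsed value lies in 1–65535. Separately, the `openFirewall` description interpolates `ports`, which is derived from `cfg.interfaces`. If `interfaces` has no default (none is visible in this hunk), rendering the option documentation would force that config value, so a static description is safer.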
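Review bot: `networking.firewall.allowedUDPPorts` and `allowedTCPPorts` are host-wide, so setting `openFirewall = true` exposes the DNS ports on every interface, not only on the addresses listed in `cfg.interfaces`. On a multi-homed host this can make the port reachable from a network the server was deliberately not bound to, and anything else later listening on that port becomes reachable too. At minimum the option description should say so, e.g. `Opens these ports on all interfaces; the rule is not restricted to the addresses in vhack.dns.interfaces.` Where the listener maps to a known NIC, `networking.firewall.interfaces.<name>.allowedUDPPorts` and its TCP counterpart give a narrower rule. The enclosing `config` block starts outside this hunk, so I could not confirm that these rules are gated on `cfg.enable` as well as `cfg.openFirewall`.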