Make opening ports in the firewall optional

This commit is contained in:
Simon Žlender 2021-02-09 21:08:22 +01:00
parent 5f431207b3
commit 0c4b9a8985
2 changed files with 7 additions and 1 deletions

View file

@ -25,6 +25,12 @@ in
options.mailserver = { options.mailserver = {
enable = mkEnableOption "nixos-mailserver"; enable = mkEnableOption "nixos-mailserver";
openFirewall = mkOption {
type = types.bool;
default = true;
description = "Automatically open ports in the firewall.";
};
fqdn = mkOption { fqdn = mkOption {
type = types.str; type = types.str;
example = "mx.example.com"; example = "mx.example.com";

View file

@ -20,7 +20,7 @@ let
cfg = config.mailserver; cfg = config.mailserver;
in in
{ {
config = with cfg; lib.mkIf enable { config = with cfg; lib.mkIf (enable && openFirewall) {
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 25 ] allowedTCPPorts = [ 25 ]