
miniupnpd wip

peterhoeg committed Mar 14, 2018
1 parent cc4677c commit c2dd0aec722ea3c4fc5c4023a456413e7bbd0e5b
Showing with 23 additions and 7 deletions.
  1. +23 −7 nixos/modules/services/networking/miniupnpd.nix
@@ -4,10 +4,15 @@ with lib;

let
cfg = config.services.miniupnpd;

boolToStr = bool: if bool then "yes" else "no";

configFile = pkgs.writeText "miniupnpd.conf" ''
ext_ifname=${cfg.externalInterface}
enable_natpmp=${if cfg.natpmp then "yes" else "no"}
enable_upnp=${if cfg.upnp then "yes" else "no"}
enable_natpmp=${boolToStr cfg.natpmp}
enable_upnp=${boolToStr cfg.upnp}
secure_mode=${boolToStr cfg.secureMode}
lease_file=/var/lib/miniupnpd/upnp.leases
${concatMapStrings (range: ''
listening_ip=${range}
@@ -18,24 +23,32 @@ let
in
{
options = {
services.miniupnpd = {
services.miniupnpd = with types; {
enable = mkEnableOption "MiniUPnP daemon";

externalInterface = mkOption {
type = types.str;
type = str;
description = ''
Name of the external interface.
'';
};

internalIPs = mkOption {
type = types.listOf types.str;
type = listOf str;
example = [ "192.168.1.1/24" "enp1s0" ];
description = ''
The IP address ranges to listen on.
'';
};

secureMode = mkOption {
type = bool;
default = true;
description = ''
Secure mode where a device can only set up mappings for its own IP address.
'';
};

natpmp = mkEnableOption "NAT-PMP support";

upnp = mkOption {
@@ -90,9 +103,12 @@ in
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.miniupnpd}/bin/miniupnpd -f ${configFile}";
PIDFile = "/var/run/miniupnpd.pid";
DynamicUser = true;
CapabilityBoundingSet = "CAP_NET_RAW CAP_NET_ADMIN";
StateDirectory = "miniupnpd";
Type = "forking";
ExecStart = "${pkgs.miniupnpd}/bin/miniupnpd -f ${configFile}";
PIDFile = "/run/miniupnpd.pid";
};
};
};
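Review bot: In the serviceConfig hunk, `DynamicUser = true` starts the daemon as an unprivileged user, and `CapabilityBoundingSet` only limits which capabilities it may hold without granting any, so miniupnpd will most likely lack CAP_NET_ADMIN when it tries to install port mappings. Adding `AmbientCapabilities = "CAP_NET_RAW CAP_NET_ADMIN";` next to the bounding set would keep the least-privilege setup working rather than inviting a fallback to running as root. The same dynamic user cannot create `/run/miniupnpd.pid` either; `RuntimeDirectory = "miniupnpd";` with the PID file placed under that directory (and the daemon told to write it there) would be needed for `Type = "forking"` to track the process. The service definition begins outside this hunk, so any steps that run as root before ExecStart are not visible here.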
