| blob | 64aacaf35040468cc26b9a07e73e2aad34f3a527 |
1 { config, lib, pkgs, ... }:
3 with lib;
5 let
6 cfg = config.services.miniupnpd;
7 configFile = pkgs.writeText "miniupnpd.conf" ''
8 ext_ifname=${cfg.externalInterface}
9 enable_natpmp=${if cfg.natpmp then "yes" else "no"}
10 enable_upnp=${if cfg.upnp then "yes" else "no"}
12 ${concatMapStrings (range: ''
13 listening_ip=${range}
14 '') cfg.internalIPs}
16 ${cfg.appendConfig}
17 '';
18 in
19 {
20 options = {
21 services.miniupnpd = {
22 enable = mkEnableOption (lib.mdDoc "MiniUPnP daemon");
24 externalInterface = mkOption {
25 type = types.str;
26 description = lib.mdDoc ''
27 Name of the external interface.
28 '';
29 };
31 internalIPs = mkOption {
32 type = types.listOf types.str;
33 example = [ "192.168.1.1/24" "enp1s0" ];
34 description = lib.mdDoc ''
35 The IP address ranges to listen on.
36 '';
37 };
39 natpmp = mkEnableOption (lib.mdDoc "NAT-PMP support");
41 upnp = mkOption {
42 default = true;
43 type = types.bool;
44 description = lib.mdDoc ''
45 Whether to enable UPNP support.
46 '';
47 };
49 appendConfig = mkOption {
50 type = types.lines;
51 default = "";
52 description = lib.mdDoc ''
53 Configuration lines appended to the MiniUPnP config.
54 '';
55 };
56 };
57 };
59 config = mkIf cfg.enable {
60 networking.firewall.extraCommands = ''
61 ${pkgs.bash}/bin/bash -x ${pkgs.miniupnpd}/etc/miniupnpd/iptables_init.sh -i ${cfg.externalInterface}
62 '';
64 networking.firewall.extraStopCommands = ''
65 ${pkgs.bash}/bin/bash -x ${pkgs.miniupnpd}/etc/miniupnpd/iptables_removeall.sh -i ${cfg.externalInterface}
66 '';
68 systemd.services.miniupnpd = {
69 description = "MiniUPnP daemon";
70 after = [ "network.target" ];
71 wantedBy = [ "multi-user.target" ];
72 serviceConfig = {
73 ExecStart = "${pkgs.miniupnpd}/bin/miniupnpd -f ${configFile}";
74 PIDFile = "/run/miniupnpd.pid";
75 Type = "forking";
76 };
77 };
78 };
79 }