diff --git a/flake.nix b/flake.nix
index 96467b6..7c19ab8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -30,6 +30,7 @@
 l.nixosSystem {
 modules = [
 ./hosts/${hostname}
+./modules/default.nix
 (
 if b.pathExists ./secrets/${hostname}
 then ./secrets/${hostname}
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..d2aca0c
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,5 @@
+{
+imports = [
+./natpmp-portforward.nix
+];
+}
diff --git a/modules/natpmp-portforward.nix b/modules/natpmp-portforward.nix
new file mode 100644
index 0000000..a5e73c1
--- /dev/null
+++ b/modules/natpmp-portforward.nix
@@ -0,0 +1,57 @@
+{
+lib,
+pkgs,
+config,
+...
+}: let
+cfg = config.own.natpmp-portforward;
+in {
+options.own.natpmp-portforward = {
+enable = lib.mkEnableOption "enable natpmp port forwarding service";
+mappings = lib.types.listOf (lib.types.submodule {
+options = {
+public = lib.mkOption {
+type = lib.types.port;
+};
+private = lib.mkOption {
+type = lib.types.port;
+};
+protocol = lib.mkOption {
+default = "tcp";
+type = lib.types.enum [
+"tcp"
+"udp"
+];
+};
+};
+});
+};
+
+config = lib.mkIf cfg.enable {
+systemd.services.natpmp-portforward = {
+requisite = ["network-online.target"];
+serviceConfig = {
+Restart = "on-failure";
+ExecStart = pkgs.writeScript "natpmp-portforward" ''
+#!${pkgs.bash}/bin/bash
+
+"${lib.concatMapStrings (x: ''
+${pkgs.libnatpmp}/bin/natpmpc -a ${x.public} ${x.private} ${x.protocol} 60
+'')
+cfg.mappings}"
+'';
+};
+};
+
+systemd.timers.natpmp-portforward = {
+requires = ["network-online.target"];
+wantedBy = ["timers.target"];
+timerConfig = {
+OnBootSec = "1m";
+OnUnitActiveSec = "1m";
+AccuracySec = "5s";
+Unit = "natpmp-portforward.service";
+};
+};
+};
+}
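Review bot: In modules/natpmp-portforward.nix the `mappings` option is assigned a bare type (`mappings = lib.types.listOf (...)`) instead of being declared with `lib.mkOption { type = ...; default = []; }`, so the module system cannot evaluate it, and the generated ExecStart script has two further faults: `${x.public}`/`${x.private}` interpolate `lib.types.port` integers without `toString`, and the concatenated `natpmpc` lines are wrapped in literal double quotes, so bash sees one quoted word rather than one command per mapping. The unit also runs as root with no sandboxing although `natpmpc` only needs to reach the gateway; `DynamicUser = true` (with `ProtectSystem`/`PrivateTmp`-style directives) limits what a misbehaving or compromised client can touch on the host. The requested lease is 60 s while the timer fires every `1m` with `AccuracySec = "5s"`, so a mapping can lapse briefly between renewals; asking for a lifetime longer than the timer period closes that gap. The service has `requisite` but no `after = ["network-online.target"]`, so on boot it may run before the network is up, and none of the options carries a `description`; note that `lib.mkEnableOption` already prefixes "Whether to enable", so its argument should be just `"natpmp port forwarding"`.
```nix
# … unchanged: module arguments, cfg binding, enable option …
mappings = lib.mkOption {
  default = [];
  description = "NAT-PMP port mappings requested from the gateway on every timer run.";
  type = lib.types.listOf (lib.types.submodule {
    # … unchanged: public / private / protocol options …
  });
};
# … unchanged: config = lib.mkIf cfg.enable { …
systemd.services.natpmp-portforward = {
  requisite = ["network-online.target"];
  after = ["network-online.target"];
  serviceConfig = {
    Restart = "on-failure";
    DynamicUser = true;
    # one natpmpc invocation per mapping; lifetime (constructed value) exceeds the 1m timer period
    ExecStart = pkgs.writeShellScript "natpmp-portforward" (lib.concatMapStrings (x: ''
      ${pkgs.libnatpmp}/bin/natpmpc -a ${toString x.public} ${toString x.private} ${x.protocol} 120
    '') cfg.mappings);
  };
};
# … unchanged: systemd.timers.natpmp-portforward …
```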