From 53305dc496f7f15504a8ef2f1f9511fb0b2f78ab Mon Sep 17 00:00:00 2001
From: tv
Date: Mon, 22 Jun 2015 15:24:09 +0200
Subject: tv: modularize iptables configuration
---
modules/tv/iptables/options.nix | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 modules/tv/iptables/options.nix
(limited to 'modules/tv/iptables/options.nix')
diff --git a/modules/tv/iptables/options.nix b/modules/tv/iptables/options.nix
new file mode 100644
index 000000000..79be1d08a
--- /dev/null
+++ b/modules/tv/iptables/options.nix
@@ -0,0 +1,29 @@
+{ lib, ... }:
+
+let
+ inherit (lib) mkOption types;
+in
+
+{
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Enable iptables.";
+ };
+
+ input-internet-accept-new-tcp = mkOption {
+ type = with types; listOf str;
+ default = [];
+ description = ''
+ ip{4,6}tables -A INPUT -j ACCEPT -p tcp --dport $port -m conntrack --ctstate NEW
+ '';
+ };
+
+ input-retiolum-accept-new-tcp = mkOption {
+ type = with types; listOf str;
+ default = [];
+ description = ''
+ ip{4,6}tables -A Retiolum -j ACCEPT -p tcp --dport $port -m conntrack --ctstate NEW
+ '';
+ };
+}
-- cgit v1.2.3
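Review bot: Both port lists, `input-internet-accept-new-tcp` and `input-retiolum-accept-new-tcp`, are typed `listOf str`, so any string passes evaluation and, judging by the descriptions, is substituted for `$port` in an ip{4,6}tables rule. The code that performs that substitution is not part of this patch, so whether the value is quoted there cannot be checked from here. A malformed entry (stray whitespace, extra words) would at best fail when the rules are loaded and at worst change what the rule accepts. If only numeric ports and ranges are intended, I would constrain the element type, for example `type = with types; listOf (strMatching "[0-9]+(:[0-9]+)?");`, provided the nixpkgs `lib` in use has `strMatching`. The descriptions should also say in words that each entry accepts new TCP connections on both IPv4 and IPv6, and that the first list applies to the Internet-facing INPUT chain rather than only the Retiolum chain.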