1 files changed, 26 insertions, 15 deletions

diff --git a/sys/syncthing/default.nix b/sys/syncthing/default.nix
index c351e6c..b87e683 100644
--- a/sys/syncthing/default.nix
+++ b/sys/syncthing/default.nix
@@ -5,27 +5,38 @@ in
 {
   options.local.syncthing = {
     enable = mkEnableOption "syncthing server";
+    openFirewall = mkEnableOption "syncthing firewall rules";
   };
 
-  config = mkIf cfg.enable {
-    services.syncthing = {
-      enable = true;
+  config = mkMerge [
+    ({
+      networking.firewall = {
+        allowedTCPPorts = optional cfg.openFirewall 22000;
+        allowedUDPPorts = optional cfg.openFirewall 22000;
+      };
+    })
+    (mkIf cfg.enable {
+      local.syncthing.openFirewall = true;
 
-      systemService = true;
-      overrideFolders = false;
-      overrideDevices = false;
-      openDefaultPorts = true;
+      services.syncthing = {
+        enable = true;
 
-      guiAddress = "127.0.0.1:8384";
+        systemService = true;
+        overrideFolders = false;
+        overrideDevices = false;
+        openDefaultPorts = true;
 
-      settings.options.urAccepted = -1;
+        guiAddress = "127.0.0.1:8384";
 
-      relay = {
-        enable = true;
+        settings.options.urAccepted = -1;
 
-        pools = [ ];
-        providedBy = "${config.networking.hostName}.${config.networking.domain}";
+        relay = {
+          enable = true;
+
+          pools = [ ];
+          providedBy = "${config.networking.hostName}.${config.networking.domain}";
+        };
       };
-    };
-  };
+    })
+  ];
 }