tv: modularize iptables configuration

1 files changed, 29 insertions, 0 deletions

diff --git a/modules/tv/iptables/options.nix b/modules/tv/iptables/options.nix
new file mode 100644
index 0000000..79be1d0
--- /dev/null
+++ b/modules/tv/iptables/options.nix
@@ -0,0 +1,29 @@
+{ lib, ... }:
+
+let
+  inherit (lib) mkOption types;
+in
+
+{
+  enable = mkOption {
+    type = types.bool;
+    default = false;
+    description = "Enable iptables.";
+  };
+
+  input-internet-accept-new-tcp = mkOption {
+    type = with types; listOf str;
+    default = [];
+    description = ''
+      ip{4,6}tables -A INPUT -j ACCEPT -p tcp --dport $port -m conntrack --ctstate NEW
+    '';
+  };
+
+  input-retiolum-accept-new-tcp = mkOption {
+    type = with types; listOf str;
+    default = [];
+    description = ''
+      ip{4,6}tables -A Retiolum -j ACCEPT -p tcp --dport $port -m conntrack --ctstate NEW
+    '';
+  };
+}