nixos/profiles/avahi.nix

   1 { config, lib, ... }:
   2 {
   3   services.avahi = {
   4     enable = lib.mkDefault true;
   5     nssmdns4 = lib.mkDefault true;
   6     nssmdns6 = lib.mkDefault true;
   7     # Disabling this setting also disables discovering of network devices.
   8     openFirewall = lib.mkDefault true;
   9     publish.enable = lib.mkDefault false;
  10   };
  11   networking.nftables.ruleset = lib.mkIf config.services.avahi.enable (
  12     ''
  13       table inet filter {
  14         chain output-lan {
  15           skuid ${config.users.users.avahi.name} udp sport mdns udp dport mdns counter accept comment "Avahi: MulticastDNS"
  16         }
  17       }
  18     ''
  19     + lib.optionalString config.services.avahi.openFirewall ''
  20       table inet filter {
  21         chain input-lan {
  22           udp dport mdns counter accept comment "Avahi: MulticastDNS"
  23         }
  24       }
  25     ''
  26   );
  27 }