nixos/profiles/avahi.nix

   1 { config, lib, ... }:
   2 {
   3   services.avahi = {
   4     enable = lib.mkDefault true;
   5     nssmdns4 = lib.mkDefault true;
   6     # UsageWarning: Due to the fact that most mDNS responders only register local IPv4 addresses,
   7     # most user want to leave this option disabled to avoid long timeouts
   8     # when applications first resolve the none existing IPv6 address.
   9     nssmdns6 = lib.mkDefault false;
  10     # Disabling this setting also disables discovering of network devices.
  11     openFirewall = lib.mkDefault true;
  12     publish.enable = lib.mkDefault false;
  13   };
  14   environment.etc."mdns.allow".text = ''
  15     .local.
  16     .local
  17   '';
  18   networking.nftables.ruleset = lib.mkIf config.services.avahi.enable (
  19     ''
  20       table inet filter {
  21         chain output-lan {
  22           skuid ${config.users.users.avahi.name} udp sport mdns udp dport mdns counter accept comment "Avahi: MulticastDNS"
  23         }
  24       }
  25     ''
  26     + lib.optionalString config.services.avahi.openFirewall ''
  27       table inet filter {
  28         chain input-lan {
  29           udp dport mdns counter accept comment "Avahi: MulticastDNS"
  30         }
  31       }
  32     ''
  33   );
  34 }