nixos/samba: Add openFirewall option

nixos/modules/services/network-filesystems/samba.nix

@@ -87,13 +87,20 @@ in
           <note>
             <para>If you use the firewall consider adding the following:</para>
           <programlisting>
-            networking.firewall.allowedTCPPorts = [ 139 445 ];
+            services.samba.openFirewall = true;
-            networking.firewall.allowedUDPPorts = [ 137 138 ];
           </programlisting>
           </note>
         '';
       };
 
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to automatically open the necessary ports in the firewall.
+        '';
+      };
+
       enableNmbd = mkOption {
         type = types.bool;
         default = true;
@@ -235,7 +242,10 @@ in
         };
 
         security.pam.services.samba = {};
-        environment.systemPackages = [ config.services.samba.package ];
+        environment.systemPackages = [ cfg.package ];
+
+        networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 139 445 ];
+        networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ 137 138 ];
       })
     ];
 

nixos/tests/samba.nix

@@ -20,6 +20,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
       server =
         { ... }:
         { services.samba.enable = true;
+          services.samba.openFirewall = true;
           services.samba.shares.public =
             { path = "/public";
               "read only" = true;
@@ -27,8 +28,6 @@ import ./make-test-python.nix ({ pkgs, ... }:
               "guest ok" = "yes";
               comment = "Public samba share.";
             };
-          networking.firewall.allowedTCPPorts = [ 139 445 ];
-          networking.firewall.allowedUDPPorts = [ 137 138 ];
         };
     };