forked from DGNum/liminix
convert firewall service to new serviceDefn
this is a bit kludgey with dependencies, need to come back and look at that
This commit is contained in:
parent
fbb2c04132
commit
90c1d59aca
3 changed files with 16 additions and 15 deletions
|
@ -168,7 +168,7 @@ in rec {
|
|||
dependencies = [ services.wan ];
|
||||
};
|
||||
|
||||
services.firewall = svc.firewall {
|
||||
services.firewall = svc.firewall.build {
|
||||
ruleset = import ./rotuer-firewall.nix;
|
||||
};
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ lib, pkgs, config, ...}:
|
||||
let
|
||||
inherit (lib) mkOption types;
|
||||
inherit (pkgs) liminix;
|
||||
inherit (pkgs.liminix.services) oneshot;
|
||||
|
||||
kconf = isModule :
|
||||
|
@ -36,13 +37,22 @@ in
|
|||
{
|
||||
options = {
|
||||
system.service.firewall = mkOption {
|
||||
type = types.anything; # types.functionTo pkgs.liminix.lib.types.service;
|
||||
type = liminix.lib.types.serviceDefn;
|
||||
};
|
||||
};
|
||||
config = {
|
||||
system.service.firewall = params :
|
||||
let svc = (pkgs.callPackage ./service.nix {}) params;
|
||||
in svc // { dependencies = svc.dependencies ++ [loadModules]; };
|
||||
system.service.firewall =
|
||||
let svc = liminix.callService ./service.nix {
|
||||
ruleset = mkOption {
|
||||
type = types.attrsOf types.attrs; # we could usefully tighten this a bit :-)
|
||||
description = "firewall ruleset";
|
||||
};
|
||||
};
|
||||
in svc // {
|
||||
build = args : (svc.build args) // {
|
||||
dependencies = [ loadModules ] ++ (svc.dependencies or []);
|
||||
};
|
||||
};
|
||||
|
||||
# For historical reasons the kernel config is split between
|
||||
# monolithic options and modules. TODO: go through this list
|
||||
|
|
|
@ -4,20 +4,11 @@
|
|||
, firewallgen
|
||||
, nftables
|
||||
}:
|
||||
{ ruleset }:
|
||||
let
|
||||
inherit (liminix.services) oneshot;
|
||||
inherit (liminix.lib) typeChecked;
|
||||
inherit (lib) mkOption types;
|
||||
t = {
|
||||
ruleset = mkOption {
|
||||
type = types.anything; # we could usefully define this more tightly
|
||||
description = "firewall ruleset";
|
||||
};
|
||||
};
|
||||
in
|
||||
params:
|
||||
let
|
||||
inherit (typeChecked "firewall" t params) ruleset;
|
||||
script = firewallgen "firewall.nft" ruleset;
|
||||
in oneshot {
|
||||
name = "firewall";
|
||||
|
|
Loading…
Reference in a new issue