liminix/modules/firewall/service.nix at main - lbailly/liminix - Forge git de la DGNum

lbailly/liminix

forked from DGNum/liminix

Daniel Barlow 1a314e55b7 firewall module: provide default rules and merge extraRules

a firewall with no configuration will get a relatively sane ruleset. a
firewall with `extraRules` will get them deep merged into the default
rules.  Specifying `rules` will override the defaults

2024-03-21 12:00:34 +00:00

17 lines

355 B

Nix

Raw Permalink Blame History

 {
   liminix
 , lib
 , firewallgen
 , nftables
 }:
 { rules, extraRules }:
 let
   inherit (liminix.services) oneshot;
   inherit (liminix.lib) typeChecked;
   inherit (lib) mkOption types;
   script = firewallgen "firewall.nft" (lib.recursiveUpdate rules extraRules);
 in oneshot {
   name = "firewall";
   up = script;
   down = "${nftables}/bin/nft flush ruleset";
 }