Use path instead of export in nftables service on blowhole

Signed-off-by: magic_rb <richard@brezak.sk>
magic_rb 2023-10-07 22:47:29 +02:00
parent ca4775b49e
commit 52d2b22844
No known key found for this signature in database
GPG key ID: 08D5287CC5DDCA0E


@ -262,11 +262,13 @@ in
}; };
systemd.services.nftables = { systemd.services.nftables = {
path = with pkgs; [
nftables iptables bash
];
serviceConfig = serviceConfig =
let let
rulesScript = pkgs.writeShellScript "nftables-rules" '' rulesScript = pkgs.writeShellScript "nftables-rules" ''
set -ex set -ex
export PATH=${pkgs.nftables}/bin:${pkgs.iptables}/bin:${pkgs.bash}/bin:$PATH
tmpfile="$(mktemp)" tmpfile="$(mktemp)"
iptables-save -t filter >> $tmpfile iptables-save -t filter >> $tmpfile
@ -289,7 +291,6 @@ in
ExecReload = mkForce rulesScript; ExecReload = mkForce rulesScript;
ExecStop = mkForce (pkgs.writeShellScript "nftables-flush" '' ExecStop = mkForce (pkgs.writeShellScript "nftables-flush" ''
set -ex set -ex
export PATH=${pkgs.nftables}/bin:${pkgs.iptables}/bin:${pkgs.bash}/bin:$PATH
tmpfile="$(mktemp)" tmpfile="$(mktemp)"
iptables-save -t filter >> $tmpfile iptables-save -t filter >> $tmpfile
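Review bot: The new `path = with pkgs; [ ... ];` list on `systemd.services.nftables` has no comment saying that both the `nftables-rules` and `nftables-flush` scripts now depend on it for command lookup. Since both scripts run under `set -ex`, trimming the list later would make reload or stop abort at the first unresolved command, and for the flush script that presumably leaves the previous ruleset loaded. I would add `# Tools the rules and flush scripts call by name; replaces the per-script PATH exports.` above the list. `mktemp` is not among the listed packages and presumably resolves through the default packages NixOS puts on every unit's PATH; confirm that, or list `coreutils` explicitly so the dependency is visible. Both script bodies continue outside the visible hunks, so any other commands they call should be checked against the list as well.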