magic_rb/dotfiles
1
0
Fork 0
mirror of https://git.sr.ht/~magic_rb/dotfiles synced 2024-11-21 23:54:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add start stop hooks to notnftables

Browse source 
Signed-off-by: magic_rb <magic_rb@redalder.org>
This commit is contained in:
magic_rb 2024-01-18 13:15:30 +01:00
parent 574447e7f4
commit 82774bc978
No known key found for this signature in database
GPG key ID: 08D5287CC5DDCA0E
1 changed files with 33 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
nixos/modules/notnft.nix
View file

@ -11,14 +11,34 @@ let
listToAttrs
optional
filter
optionalString;
optionalString
;
cfg = config.networking.notnft;
jsonFormat = (pkgs.formats.json {});
in
{
jsonFormat = pkgs.formats.json {};
in {
options.networking.notnft = {
enable = mkEnableOption "notnft";
preStart = mkOption {
type = types.lines;
default = "";
};
postStart = mkOption {
type = types.lines;
default = "";
};
preStop = mkOption {
type = types.lines;
default = "";
};
postStop = mkOption {
type = types.lines;
default = "";
};
preRules = mkOption {
type = types.listOf jsonFormat.type;
default = [];
@ -91,7 +111,15 @@ in
reloadIfChanged = true;
serviceConfig = let
startScript = pkgs.writeShellScript "start-nft.sh" ''
${cfg.preStart}
${pkgs.buildPackages.nftables}/bin/nft -j -f ${cfg.jsonFile}
${cfg.postStart}
'';
stopScript = pkgs.writeShellScript "stop-nft.sh" ''
${cfg.preStop}
${optionalString cfg.flush "${pkgs.nftables}/bin/nft flush ruleset"}
${cfg.postStop}
'';
# rulesScript = pkgs.writeTextFile {
# name = "nftables-rules";
@ -116,7 +144,7 @@ in
RemainAfterExit = true;
ExecStart = startScript;
ExecReload = startScript;
ExecStop = optionalString cfg.flush "${pkgs.nftables}/bin/nft flush ruleset";
ExecStop = stopScript;
};
};
};