Add start stop hooks to notnftables

Signed-off-by: magic_rb <magic_rb@redalder.org>

nixos/modules/notnft.nix

@@ -11,14 +11,34 @@ let
     listToAttrs
     optional
     filter
-    optionalString;
+    optionalString
+    ;
   cfg = config.networking.notnft;
-  jsonFormat = (pkgs.formats.json {});
+  jsonFormat = pkgs.formats.json {};
-in
+in {
-{
   options.networking.notnft = {
     enable = mkEnableOption "notnft";
 
+    preStart = mkOption {
+      type = types.lines;
+      default = "";
+    };
+
+    postStart = mkOption {
+      type = types.lines;
+      default = "";
+    };
+
+    preStop = mkOption {
+      type = types.lines;
+      default = "";
+    };
+
+    postStop = mkOption {
+      type = types.lines;
+      default = "";
+    };
+
     preRules = mkOption {
       type = types.listOf jsonFormat.type;
       default = [];
@@ -91,7 +111,15 @@ in
       reloadIfChanged = true;
       serviceConfig = let
         startScript = pkgs.writeShellScript "start-nft.sh" ''
+          ${cfg.preStart}
           ${pkgs.buildPackages.nftables}/bin/nft -j -f ${cfg.jsonFile}
+          ${cfg.postStart}
+        '';
+
+        stopScript = pkgs.writeShellScript "stop-nft.sh" ''
+          ${cfg.preStop}
+          ${optionalString cfg.flush "${pkgs.nftables}/bin/nft flush ruleset"}
+          ${cfg.postStop}
         '';
         # rulesScript = pkgs.writeTextFile {
         #   name =  "nftables-rules";
@@ -116,7 +144,7 @@ in
         RemainAfterExit = true;
         ExecStart = startScript;
         ExecReload = startScript;
-        ExecStop = optionalString cfg.flush "${pkgs.nftables}/bin/nft flush ruleset";
+        ExecStop = stopScript;
       };
     };
   };