Add start stop hooks to notnftables
Signed-off-by: magic_rb <magic_rb@redalder.org>
parent
574447e7f4
commit
82774bc978
|
@ -11,14 +11,34 @@ let
|
||||||
listToAttrs
|
listToAttrs
|
||||||
optional
|
optional
|
||||||
filter
|
filter
|
||||||
optionalString;
|
optionalString
|
||||||
|
;
|
||||||
cfg = config.networking.notnft;
|
cfg = config.networking.notnft;
|
||||||
jsonFormat = (pkgs.formats.json {});
|
jsonFormat = pkgs.formats.json {};
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
options.networking.notnft = {
|
options.networking.notnft = {
|
||||||
enable = mkEnableOption "notnft";
|
enable = mkEnableOption "notnft";
|
||||||
|
|
||||||
|
preStart = mkOption {
|
||||||
|
type = types.lines;
|
||||||
|
default = "";
|
||||||
|
};
|
||||||
|
|
||||||
|
postStart = mkOption {
|
||||||
|
type = types.lines;
|
||||||
|
default = "";
|
||||||
|
};
|
||||||
|
|
||||||
|
preStop = mkOption {
|
||||||
|
type = types.lines;
|
||||||
|
default = "";
|
||||||
|
};
|
||||||
|
|
||||||
|
postStop = mkOption {
|
||||||
|
type = types.lines;
|
||||||
|
default = "";
|
||||||
|
};
|
||||||
|
|
||||||
preRules = mkOption {
|
preRules = mkOption {
|
||||||
type = types.listOf jsonFormat.type;
|
type = types.listOf jsonFormat.type;
|
||||||
default = [];
|
default = [];
|
||||||
|
@ -91,7 +111,15 @@ in
|
||||||
reloadIfChanged = true;
|
reloadIfChanged = true;
|
||||||
serviceConfig = let
|
serviceConfig = let
|
||||||
startScript = pkgs.writeShellScript "start-nft.sh" ''
|
startScript = pkgs.writeShellScript "start-nft.sh" ''
|
||||||
|
${cfg.preStart}
|
||||||
${pkgs.buildPackages.nftables}/bin/nft -j -f ${cfg.jsonFile}
|
${pkgs.buildPackages.nftables}/bin/nft -j -f ${cfg.jsonFile}
|
||||||
|
${cfg.postStart}
|
||||||
|
'';
|
||||||
|
|
||||||
|
stopScript = pkgs.writeShellScript "stop-nft.sh" ''
|
||||||
|
${cfg.preStop}
|
||||||
|
${optionalString cfg.flush "${pkgs.nftables}/bin/nft flush ruleset"}
|
||||||
|
${cfg.postStop}
|
||||||
'';
|
'';
|
||||||
# rulesScript = pkgs.writeTextFile {
|
# rulesScript = pkgs.writeTextFile {
|
||||||
# name = "nftables-rules";
|
# name = "nftables-rules";
|
||||||
|
@ -116,7 +144,7 @@ in
|
||||||
RemainAfterExit = true;
|
RemainAfterExit = true;
|
||||||
ExecStart = startScript;
|
ExecStart = startScript;
|
||||||
ExecReload = startScript;
|
ExecReload = startScript;
|
||||||
ExecStop = optionalString cfg.flush "${pkgs.nftables}/bin/nft flush ruleset";
|
ExecStop = stopScript;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
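Review bot: In the new startScript, a failing `nft -j -f ${cfg.jsonFile}` no longer reliably fails the unit: `pkgs.writeShellScript` does not enable errexit, so the script returns the status of its last command, and once `cfg.postStart` is non-empty and succeeds, systemd records a successful start or reload even though the ruleset was not loaded. With `RemainAfterExit = true` on the unit it then stays active, presumably with whatever ruleset was in place before, which is an easy state to miss on a firewall host. Adding `set -e` as the first line of startScript, before `${cfg.preStart}`, keeps the load failure visible and also stops the load when the pre-hook itself fails. The four new options (`preStart`, `postStart`, `preStop`, `postStop`) carry no `description`; one sentence each saying that the text is spliced verbatim into a shell script run with the unit's privileges would tell users what they are enabling. The module body around `serviceConfig` starts and ends outside the lines shown here.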