magic_rb/dotfiles
1
0
Fork 0
mirror of https://git.sr.ht/~magic_rb/dotfiles synced 2024-11-22 08:04:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remormat notnft module

Browse source 
Signed-off-by: magic_rb <magic_rb@redalder.org>
This commit is contained in:
magic_rb 2024-01-18 13:16:00 +01:00
parent 82774bc978
commit 97d1ff5896
No known key found for this signature in database
GPG key ID: 08D5287CC5DDCA0E
1 changed files with 30 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
nixos/modules/notnft.nix
View file

@ -1,6 +1,12 @@
{ pkgs, config, lib, notnft, ... }:
let
inherit (lib)
{
pkgs,
config,
lib,
notnft,
...
}: let
inherit
(lib)
types
mkOption
mkDefault
@ -76,20 +82,23 @@ in {
rule = mkOption {
type = notnft.type.rule;
readOnly = true;
default = with notnft.dsl; with payload;
[ jump "dns-drop" ];
default = with notnft.dsl; with payload; [jump "dns-drop"];
};
};
};
};
config = {
networking.notnft.rules = with notnft.dsl; with payload; ruleset {
filter = add table { family = f: f.inet; }
networking.notnft.rules = with notnft.dsl;
with payload;
ruleset {
filter =
add table {family = f: f.inet;}
(listToAttrs (filter (x: x != {}) [
(optionalAttrs cfg.chains.dnsDrop.enable {
name = "dns-drop";
value = add chain
value =
add chain
[(is.ne ip.daddr "10.64.2.1") (is.eq ip.protocol (f: with f; set [tcp udp])) (is.eq th.dport 53) drop];
})
]));