dan/liminix
1
0
Fork 5
Code

firewall -> profile

Browse Source
This commit is contained in:
Daniel Barlow 2024-03-20 18:18:34 +00:00
parent 95ebddb661
commit 269c9cd916
2 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
examples/rotuer.nix
View File

@ -65,7 +65,12 @@ in rec {
password = secrets.l2tp.password; password = secrets.l2tp.password;
dhcp6.enable = true; dhcp6.enable = true;
}; };
firewall = {
enable = true;
rules =
let defaults = import ./demo-firewall.nix;
in lib.recursiveUpdate defaults secrets.firewallRules;
};
wireless.networks = { wireless.networks = {
telent = { telent = {
interface = config.hardware.networkInterfaces.wlan; interface = config.hardware.networkInterfaces.wlan;
@ -97,12 +102,6 @@ in rec {
users.root = secrets.root; users.root = secrets.root;
services.firewall = svc.firewall.build {
ruleset =
let defaults = import ./demo-firewall.nix;
in lib.recursiveUpdate defaults secrets.firewallRules;
};
defaultProfile.packages = with pkgs; [ defaultProfile.packages = with pkgs; [
min-collect-garbage min-collect-garbage
nftables nftables

11
modules/profiles/gateway.nix
View File

@ -44,6 +44,12 @@ in {
localDomain = mkOption { type = types.str; }; localDomain = mkOption { type = types.str; };
}; };
}; };
firewall = {
enable = mkEnableOption "firewall";
rules = mkOption { type = types.attrsOf types.attrs; };
};
wan = { wan = {
interface = mkOption { type = liminix.lib.types.interface; }; interface = mkOption { type = liminix.lib.types.interface; };
username = mkOption { type = types.str; }; username = mkOption { type = types.str; };
@ -143,6 +149,11 @@ in {
interface = config.services.wan; interface = config.services.wan;
}; };
services.firewall = mkIf cfg.firewall.enable
(svc.firewall.build {
ruleset = cfg.firewall.rules;
});
services.resolvconf = oneshot rec { services.resolvconf = oneshot rec {
dependencies = [ config.services.wan ]; dependencies = [ config.services.wan ];