convert firewall service to new serviceDefn

this is a bit kludgey with dependencies, need to come back and look at that
2023-08-05 12:07:35 +01:00 · 2023-08-05 12:07:35 +01:00 · 90c1d59aca
parent fbb2c04132
commit 90c1d59aca
3 changed files with 16 additions and 15 deletions
--- a/examples/rotuer.nix
+++ b/examples/rotuer.nix
@ -168,7 +168,7 @@ in rec {
    dependencies = [ services.wan ];
  };

-  services.firewall = svc.firewall {
+  services.firewall = svc.firewall.build {
    ruleset = import ./rotuer-firewall.nix;
  };

--- a/modules/firewall/default.nix
+++ b/modules/firewall/default.nix
@ -1,6 +1,7 @@
 { lib, pkgs, config, ...}:
 let
  inherit (lib) mkOption types;
+  inherit (pkgs) liminix;
  inherit (pkgs.liminix.services) oneshot;

  kconf = isModule :
@ -36,13 +37,22 @@ in
 {
  options = {
    system.service.firewall = mkOption {
-      type = types.anything; # types.functionTo pkgs.liminix.lib.types.service;
+      type = liminix.lib.types.serviceDefn;
    };
  };
  config = {
-    system.service.firewall = params :
-      let svc = (pkgs.callPackage ./service.nix {}) params;
-      in svc // { dependencies = svc.dependencies ++ [loadModules]; };
+    system.service.firewall =
+      let svc = liminix.callService ./service.nix  {
+            ruleset = mkOption {
+              type = types.attrsOf types.attrs;   # we could usefully tighten this a bit :-)
+              description = "firewall ruleset";
+            };
+          };
+      in svc // {
+        build = args : (svc.build args) // {
+          dependencies = [ loadModules ] ++ (svc.dependencies or []);
+        };
+      };

    # For historical reasons the kernel config is split between
    # monolithic options and modules. TODO: go through this list
--- a/modules/firewall/service.nix
+++ b/modules/firewall/service.nix
@ -4,20 +4,11 @@
 , firewallgen
 , nftables
 }:
+{ ruleset }:
 let
  inherit (liminix.services) oneshot;
  inherit (liminix.lib) typeChecked;
  inherit (lib) mkOption types;
-  t = {
-    ruleset = mkOption {
-      type = types.anything;         # we could usefully define this more tightly
-      description = "firewall ruleset";
-    };
-  };
-in
-params:
-let
-  inherit (typeChecked "firewall" t params) ruleset;
  script = firewallgen "firewall.nft" ruleset;
 in oneshot {
  name = "firewall";