dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Implement initial containers module

Browse Source
This commit is contained in:
Jack O'Sullivan
2022-03-26 14:20:30 +00:00
parent 5ef6684df4
commit 67114c1336
16 changed files with 372 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
nixos/modules/firewall.nix
View File

@@ -4,6 +4,7 @@ let
inherit (lib.my) parseIPPort mkOpt' mkBoolOpt';
cfg = config.my.firewall;
iptCfg = config.networking.firewall;
in
{
options.my.firewall = with lib.types; {
@@ -31,9 +32,9 @@ in
enable = true;
ruleset =
let
trusted' = "{ ${concatStringsSep ", " cfg.trustedInterfaces} }";
openTCP = cfg.tcp.allowed ++ config.networking.firewall.allowedTCPPorts;
openUDP = cfg.udp.allowed ++ config.networking.firewall.allowedUDPPorts;
trusted' = "{ ${concatStringsSep ", " (cfg.trustedInterfaces ++ iptCfg.trustedInterfaces)} }";
openTCP = cfg.tcp.allowed ++ iptCfg.allowedTCPPorts;
openUDP = cfg.udp.allowed ++ iptCfg.allowedUDPPorts;
in
''
table inet filter {