diff options
| author | lassulus <lass@aidsballs.de> | 2015-10-01 22:10:21 +0200 |
|---|---|---|
| committer | lassulus <lass@aidsballs.de> | 2015-10-01 22:10:21 +0200 |
| commit | 1078d1a8a3f4f17f20fa81c76f9af39fc844e801 (patch) | |
| tree | b2330a937138a64e10617b5c88b8d6ab8c64ab32 | |
| parent | e8a17e7e9c471108d4f552c8cb668a97df75a382 (diff) | |
move iptables.nix to krebs
| -rw-r--r-- | krebs/3modules/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/iptables.nix (renamed from lass/3modules/iptables.nix) | 37 |
2 files changed, 19 insertions, 19 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 2d3b7b07..db99d6f2 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -11,6 +11,7 @@ let ./exim-smarthost.nix ./github-hosts-sync.nix ./git.nix + ./iptables.nix ./nginx.nix ./Reaktor.nix ./retiolum.nix diff --git a/lass/3modules/iptables.nix b/krebs/3modules/iptables.nix index 8c6ad3fa..9596229d 100644 --- a/lass/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -3,6 +3,10 @@ arg@{ config, lib, pkgs, ... }: let inherit (pkgs) writeScript writeText; + inherit (builtins) + elem + ; + inherit (lib) concatMapStringsSep concatStringsSep @@ -20,15 +24,13 @@ let mkOption mkIf types - sort; - - elemIsIn = a: as: - any (x: x == a) as; + sort + ; - cfg = config.lass.iptables; + cfg = config.krebs.iptables; out = { - options.lass.iptables = api; + options.krebs.iptables = api; config = mkIf cfg.enable imp; }; @@ -74,8 +76,8 @@ let imp = { networking.firewall.enable = false; - systemd.services.lass-iptables = { - description = "lass-iptables"; + systemd.services.krebs-iptables = { + description = "krebs-iptables"; wantedBy = [ "network-pre.target" ]; before = [ "network-pre.target" ]; after = [ "systemd-modules-load.service" ]; @@ -90,7 +92,7 @@ let Type = "simple"; RemainAfterExit = true; Restart = "always"; - ExecStart = "@${startScript} lass-iptables_start"; + ExecStart = "@${startScript} krebs-iptables_start"; }; }; }; @@ -110,13 +112,10 @@ let in #TODO: double check should be unneccessary, refactor! - if (hasAttr "rules" ts."${tn}"."${cn}") then - if (ts."${tn}"."${cn}".rules == null) then - "" - else - concatMapStringsSep "\n" (rule: "\n-A ${cn} ${rule}") ([] - ++ map (buildRule tn cn) sortedRules - ) + if ts.${tn}.${cn}.rules or null != null then + concatMapStringsSep "\n" (rule: "\n-A ${cn} ${rule}") ([] + ++ map (buildRule tn cn) sortedRules + ) else "" ; @@ -124,7 +123,7 @@ let buildRule = tn: cn: rule: #target validation test: - assert (elemIsIn rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))); + assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))); #predicate validation test: #maybe use iptables-test @@ -171,11 +170,11 @@ let tables = tables-defaults // cfg.tables; in - writeText "lass-iptables-rules${toString iptables-version}" '' + writeText "krebs-iptables-rules${toString iptables-version}" '' ${buildTables iptables-version tables} ''; - startScript = writeScript "lass-iptables_start" '' + startScript = writeScript "krebs-iptables_start" '' #! /bin/sh set -euf iptables-restore < ${rules4 4} |