summaryrefslogtreecommitdiffstats
path: root/krebs/3modules/iptables.nix
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/3modules/iptables.nix')
-rw-r--r--krebs/3modules/iptables.nix12
1 files changed, 3 insertions, 9 deletions
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index 7007090c..32a5273a 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
+with lib;
let
inherit (pkgs) writeText;
@@ -43,10 +43,6 @@ let
target = mkOption {
type = str;
};
- precedence = mkOption {
- type = int;
- default = 0;
- };
v4 = mkOption {
type = bool;
default = true;
@@ -145,13 +141,11 @@ let
buildChain = tn: cn:
let
filteredRules = filter (r: r."${v}") ts."${tn}"."${cn}".rules;
- sortedRules = sort (a: b: a.precedence > b.precedence) filteredRules;
-
in
#TODO: double check should be unneccessary, refactor!
if ts.${tn}.${cn}.rules or null != null then
concatMapStringsSep "\n" (rule: "\n-A ${cn} ${rule}") ([]
- ++ map (buildRule tn cn) sortedRules
+ ++ map (buildRule tn cn) filteredRules
)
else
""
@@ -183,7 +177,7 @@ let
${buildTables iptables-version cfg.tables}
'';
- startScript = pkgs.writeDash "krebs-iptables_start" ''
+ startScript = pkgs.writers.writeDash "krebs-iptables_start" ''
set -euf
iptables-restore < ${rules "v4"}
ip6tables-restore < ${rules "v6"}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-14 21:43:45 +0000