author | lassulus <lassulus@lassul.us> | 2019-02-16 17:38:03 +0100 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2019-02-16 17:38:03 +0100 |
commit | 2db5d56cf2e252822f38900ef9436d7b118476a9 (patch) | |
tree | eacbc9a6e9d0a57df85df138d6d14d725af8072e /tv | |
parent | 5845742ae0770bae3c341d2d7eacb4ccc05245c9 (diff) | |
parent | 270ceb7676e867c9dff5f5faa765666b58aaa371 (diff) |
Merge remote-tracking branch 'ni/master'
Diffstat (limited to 'tv')
-rw-r--r-- | tv/3modules/iptables.nix | 59 | ||||
-rw-r--r-- | tv/5pkgs/simple/bash-fzf-history.nix | 5 |
2 files changed, 48 insertions, 16 deletions
diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix
index 56861dc74..3974760d5 100644
--- a/tv/3modules/iptables.nix
+++ b/tv/3modules/iptables.nix
@@ -9,6 +9,37 @@ let {
 config = lib.mkIf cfg.enable imp;
 };
 
+ extraTypes = {
+ rules = types.submodule {
+ options = {
+ nat.OUTPUT = mkOption {
+ type = with types; listOf str;
+ default = [];
+ };
+ nat.PREROUTING = mkOption {
+ type = with types; listOf str;
+ default = [];
+ };
+ nat.POSTROUTING = mkOption {
+ type = with types; listOf str;
+ default = [];
+ };
+ filter.FORWARD = mkOption {
+ type = with types; listOf str;
+ default = [];
+ };
+ filter.INPUT = mkOption {
+ type = with types; listOf str;
+ default = [];
+ };
+ filter.Retiolum = mkOption {
+ type = with types; listOf str;
+ default = [];
+ };
+ };
+ };
+ };
+
 api = {
 enable = mkEnableOption "tv.iptables";
 
@@ -37,19 +68,19 @@ let {
 default = [];
 };
 
- extra = {
- nat.POSTROUTING = mkOption {
- type = with types; listOf str;
- default = [];
- };
- filter.FORWARD = mkOption {
- type = with types; listOf str;
- default = [];
- };
- filter.INPUT = mkOption {
- type = with types; listOf str;
- default = [];
- };
+ extra = mkOption {
+ default = {};
+ type = extraTypes.rules;
+ };
+
+ extra4 = mkOption {
+ default = {};
+ type = extraTypes.rules;
+ };
+
+ extra6 = mkOption {
+ default = {};
+ type = extraTypes.rules;
 };
 };
 
@@ -112,6 +143,7 @@ let {
 "-o lo -p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22"
 ]}
 ${formatTable cfg.extra.nat}
+ ${formatTable cfg."extra${toString iptables-version}".nat}
 COMMIT
 *filter
 :INPUT DROP [0:0]
@@ -129,6 +161,7 @@ let {
 ++ ["-i retiolum -j Retiolum"]
 )}
 ${formatTable cfg.extra.filter}
+ ${formatTable cfg."extra${toString iptables-version}".filter}
 ${concatMapStringsSep "\n" (rule: "-A Retiolum ${rule}") ([]
 ++ optional (cfg.accept-echo-request == "retiolum") accept-echo-request
 ++ map accept-tcp (unique (map toString cfg.input-retiolum-accept-tcp))
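Review bot: None of the six options declared in `extraTypes.rules` (first hunk) carries a `description`, although each one takes free-form strings that, judging by the `formatTable` calls in the later hunks, are written into the generated ruleset without any validation. A user of `extra`, `extra4` or `extra6` therefore cannot tell from the module what form a rule must have or that the text is passed through as-is. I would add a description to each option, for example `description = "Extra rules for this chain, one rule per string; must not contain newlines.";`, with the exact wording adjusted to what `formatTable` (defined outside the diff) expects. The six declarations are otherwise identical, so a short comment above `extraTypes` listing the supported table and chain names would also help.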
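Review bot: The position of the extra rules relative to the module's own rules differs per chain and is not documented anywhere in the last two hunks. In the filter table, `${formatTable cfg."extra${toString iptables-version}".filter}` is emitted after the built-in INPUT rules but before the built-in `-A Retiolum` rules. Assuming `formatTable` (defined outside the hunk) emits rules in place, an `extra4.filter.INPUT` rule is evaluated last in a chain whose policy is `DROP`, so a deny rule there cannot override an earlier accept, whereas an `extra4.filter.Retiolum` rule is evaluated ahead of the built-in Retiolum accepts. The same applies to the nat line in the third hunk. I would state this next to the interpolations, e.g. `# extra rules: INPUT/FORWARD entries follow the built-in rules, Retiolum entries precede them`. The surrounding string starts and ends outside these hunks.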
diff --git a/tv/5pkgs/simple/bash-fzf-history.nix b/tv/5pkgs/simple/bash-fzf-history.nix
index b603dedd9..88a8e9e4a 100644
--- a/tv/5pkgs/simple/bash-fzf-history.nix
+++ b/tv/5pkgs/simple/bash-fzf-history.nix
@@ -97,7 +97,6 @@ with import <stockholm/lib>;
 bind -s | ${pkgs.gnugrep}/bin/grep __fzf_ >&2
 '';
 in
- script //
- rec {
+ script.overrideAttrs (old: rec {
 bind = /* sh */ ''bind -x '"${load-keyseq}": . ${script}' '';
- }
+ }) |
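Review bot: In the new `script.overrideAttrs (old: rec { … })` the argument `old` is never used and `rec` looks redundant, since `bind` refers only to `load-keyseq` and `script` from the enclosing scope and not to a sibling attribute. Note also that `${script}` inside `bind` still names the un-overridden derivation, so the keybinding sources the original store path rather than the package this expression returns; if that is intended it deserves a comment. I would write `script.overrideAttrs (_: {` and add `# bind sources the original script, not the overridden derivation` above the attribute. The definition of `script` lies outside the hunk, so its exact derivation type is assumed here.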