old/modules/lass/iptables/options.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

{ lib, ... }:

let
  inherit (lib) mkEnableOption mkOption types;
in

{
  enable = mkEnableOption "iptables";

  #tables.filter.INPUT = {
  # policy = "DROP";
  # rules = [
  #   { predicate = "-i retiolum"; target = "ACCEPT"; priority = -10; }
  # ];
  #};
  #new api
  tables = mkOption {
    type = with types; attrsOf (attrsOf (submodule ({
      options = {
        policy = mkOption {
          type = str;
          default = "-";
        };
        rules = mkOption {
          type = nullOr (listOf (submodule ({
            options = {
              predicate = mkOption {
                type = str;
              };
              target = mkOption {
                type = str;
              };
              precedence = mkOption {
                type = int;
                default = 0;
              };
            };
          })));
          default = null;
        };
      };
    })));
  };
}