firewall module: provide default rules and merge extraRules

a firewall with no configuration will get a relatively sane ruleset. a firewall with `extraRules` will get them deep merged into the default rules. Specifying `rules` will override the defaults
2024-03-21 12:00:34 +00:00
parent 9263b21faa
commit 1a314e55b7
7 changed files with 23 additions and 8 deletions
--- a/modules/firewall/service.nix
+++ b/modules/firewall/service.nix
@@ -4,12 +4,12 @@
 , firewallgen
 , nftables
 }:
-{ ruleset }:
+{ rules, extraRules }:
 let
  inherit (liminix.services) oneshot;
  inherit (liminix.lib) typeChecked;
  inherit (lib) mkOption types;
-  script = firewallgen "firewall.nft" ruleset;
+  script = firewallgen "firewall.nft" (lib.recursiveUpdate rules extraRules);
 in oneshot {
  name = "firewall";
  up = script;