newedge/liminix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

WIP add zones to firewall module

Browse Source 
- zones are an attrset of name -> [interface-service]

- the firewall will create empty "ifname" sets for each zone name
 in each address family (ip, ip6)

- then watch the interface services, and add the "ifname" outputs
to the corresponding sets when they appear

This commit only adds the empty sets
This commit is contained in:
Daniel Barlow
2025-02-06 11:57:06 +00:00
parent 1d780de0f1
commit 6587813577
5 changed files with 40 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/profiles/gateway.nix
View File

@@ -48,6 +48,9 @@ in {
firewall = {
enable = mkEnableOption "firewall";
rules = mkOption { type = types.attrsOf types.attrs; };
zones = mkOption {
type = types.attrsOf (types.listOf liminix.lib.types.service);
};
};
wan = {
@@ -143,6 +146,7 @@ in {
services.firewall = mkIf cfg.firewall.enable
(svc.firewall.build {
extraRules = cfg.firewall.rules;
inherit (cfg.firewall) zones;
});
services.resolvconf = oneshot rec {