repomaa/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor

Browse Source
This commit is contained in:
Joakim Repomaa
2025-02-06 16:22:34 +02:00
committed by Joakim Repomaa
parent 983e313e11
commit 7a24ac5fe6
21 changed files with 233 additions and 193 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
modules/firewall.nix
View File

@@ -16,18 +16,25 @@ let
{ allowedUDPPorts = [ ]; allowedTCPPorts = [ ]; }
enabledServices;
cfg = config.modules.firewall.rules;
cfg = config.modules.firewall;
in
{
options.modules.firewall.rules = lib.mkOption {
type = lib.types.attrsOf (lib.types.listOf (lib.types.enum (lib.attrNames services)));
default = { };
};
config = lib.mkIf (lib.length (lib.attrNames cfg) > 0) {
networking.firewall = {
enable = lib.mkDefault true;
interfaces = lib.mapAttrs (_: enabledServices: rulesForServices enabledServices) cfg;
options.modules.firewall = {
enable = lib.mkEnableOption "Enable the firewall";
interfaces = lib.mkOption {
type = lib.types.attrsOf (lib.types.listOf (lib.types.enum (lib.attrNames services)));
default = { };
};
allInterfaces = lib.mkOption {
type = lib.types.listOf (lib.types.enum (lib.attrNames services));
default = [ ];
};
};
config = lib.mkIf cfg.enable {
networking.firewall = {
enable = true;
interfaces = lib.mapAttrs (_: enabledServices: rulesForServices enabledServices) cfg.interfaces;
} // rulesForServices cfg.allInterfaces;
};
}