authorMark Nipper <nipsy@bitgnome.net>2024-06-13 00:27:42 -0700
committerMark Nipper <nipsy@bitgnome.net>2024-06-13 00:27:42 -0700
commit5e8cc86818d4ac793a943273385dbaa0c7424b22 (patch)
tree2cca2443959e7baded0ed53afe2eafba82189052 /hosts/darkstar
parentd9720c573aadaad8b54d32f9a6f1c7dc0ba17ac8 (diff)
Enable previously added rules
Diffstat (limited to 'hosts/darkstar')
-rw-r--r--hosts/darkstar/default.nix8
1 files changed, 8 insertions, 0 deletions
diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index 5208bfd..ae697ca 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -83,7 +83,9 @@
secrets = {
"kea-dhcp4_conf" = {};
+ "nftables/forward" = {};
"nftables/ssh" = {};
+ "nftables/voip" = {};
};
};
@@ -92,20 +94,26 @@
systemd.services."nftables-extra" = {
description = "nftables extra firewall rules";
script = ''
+ ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/forward".path}
${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
+ ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/voip".path}
'';
serviceConfig = {
RemainAfterExit = true;
Type = "oneshot";
};
unitConfig = {
+ ConditionPathExists = config.sops.secrets."nftables/forward".path;
ConditionPathExists = config.sops.secrets."nftables/ssh".path;
+ ConditionPathExists = config.sops.secrets."nftables/voip".path;
};
wantedBy = [ "multi-user.target" ];
};
systemd.paths."nftables-extra" = {
pathConfig = {
+ PathExists = config.sops.secrets."nftables/forward".path;
PathExists = config.sops.secrets."nftables/ssh".path;
+ PathExists = config.sops.secrets."nftables/voip".path;
};
wantedBy = [ "multi-user.target" ];
};
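Review bot: The three `ConditionPathExists` assignments in `unitConfig` and the three `PathExists` assignments in `pathConfig` each bind the same attribute name more than once in one attribute set, which Nix rejects at evaluation time with an "attribute already defined" error. The NixOS systemd unit options accept a list for a directive that has to appear several times, so each group should become a single list-valued attribute as shown below. Separately, repeated `ConditionPathExists` lines are ANDed and a failed condition skips the unit instead of failing it, so one missing secret would leave all three rule files unloaded, including the ssh rules, without an error. If that fail-open behaviour is not intended, `AssertPathExists` or a check on the unit's state would make the gap visible.

```nix
unitConfig = {
  ConditionPathExists = [
    config.sops.secrets."nftables/forward".path
    config.sops.secrets."nftables/ssh".path
    config.sops.secrets."nftables/voip".path
  ];
};
# … unchanged: wantedBy, systemd.paths."nftables-extra" header …
pathConfig = {
  PathExists = [
    config.sops.secrets."nftables/forward".path
    config.sops.secrets."nftables/ssh".path
    config.sops.secrets."nftables/voip".path
  ];
};
```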