author | Mark Nipper <nipsy@bitgnome.net> | 2024-10-14 22:30:38 -0700 |
---|---|---|
committer | Mark Nipper <nipsy@bitgnome.net> | 2024-10-14 22:30:38 -0700 |
commit | afa9823c9a038d434a0bad1b3f5208b49bd2614c (patch) | |
tree | 11388d8a16a8bdc27cc87380f0d11e5e3d31d2f6 /hosts/ginaz | |
parent | c9ecee17d441d0b06a6d5069c4973868a40d6402 (diff) | |
Handle nftables reload better
Diffstat (limited to '')
-rw-r--r-- | hosts/ginaz/default.nix | 32 |
1 files changed, 17 insertions, 15 deletions
diff --git a/hosts/ginaz/default.nix b/hosts/ginaz/default.nix
index cac2a8d..f35e36b 100644
--- a/hosts/ginaz/default.nix
+++ b/hosts/ginaz/default.nix
@@ -58,23 +58,25 @@ system.stateVersion = "23.11";
- systemd.services."nftables-extra" = {
- description = "nftables extra firewall rules";
- script = ''
+ systemd.services."nftables-extra" = let rules_script = ''
 ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
- '';
- serviceConfig = {
- RemainAfterExit = true;
- Type = "oneshot";
- };
- unitConfig = {
- ConditionPathExists = config.sops.secrets."nftables/ssh".path;
- ReloadPropagatedFrom = "nftables.service";
- };
- wantedBy = [ "multi-user.target" ];
- after = [ "nftables.service" ];
- partOf = [ "nftables.service" ];
+ ''; in {
+ description = "nftables extra firewall rules";
+ reload = rules_script;
+ script = rules_script;
+ serviceConfig = {
+ RemainAfterExit = true;
+ Type = "oneshot";
+ };
+ unitConfig = {
+ ConditionPathExists = config.sops.secrets."nftables/ssh".path;
+ ReloadPropagatedFrom = "nftables.service";
+ };
+ wantedBy = [ "multi-user.target" ];
+ after = [ "nftables.service" ];
+ partOf = [ "nftables.service" ];
 };
+
 systemd.paths."nftables-extra" = {
 pathConfig = {
 PathExists = config.sops.secrets."nftables/ssh".path; |
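Review bot: The new `reload = rules_script;` line re-runs `nft -f` on the sops-managed file against a live ruleset, and nothing in the hunk shows that this load is idempotent or atomic with the base ruleset. The rules file is not visible here, so confirm it begins by flushing or recreating its own table or chain. Otherwise a reload that does not flush the ruleset would presumably append duplicate rules, and one that does flush leaves the SSH rules absent until this unit's reload job has run. `ConditionPathExists` is evaluated when the unit starts, not on reload, so a missing or unreadable secret makes the reload job fail and leaves the firewall without the extra rules. I would document this above the binding, e.g. `# rules file must be idempotent (flush its own chain first); a failed reload leaves the SSH rules unloaded`, and monitor this unit for failure.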