Handle nftables reload better

author: Mark Nipper <nipsy@bitgnome.net> 2024-10-14 22:30:38 -0700
committer: Mark Nipper <nipsy@bitgnome.net> 2024-10-14 22:30:38 -0700
commit: afa9823c9a038d434a0bad1b3f5208b49bd2614c (patch)
tree: 11388d8a16a8bdc27cc87380f0d11e5e3d31d2f6 /hosts/ginaz
parent: c9ecee17d441d0b06a6d5069c4973868a40d6402 (diff)
download: nix-afa9823c9a038d434a0bad1b3f5208b49bd2614c.tar
nix-afa9823c9a038d434a0bad1b3f5208b49bd2614c.tar.gz
nix-afa9823c9a038d434a0bad1b3f5208b49bd2614c.tar.bz2
nix-afa9823c9a038d434a0bad1b3f5208b49bd2614c.tar.lz
nix-afa9823c9a038d434a0bad1b3f5208b49bd2614c.tar.xz
nix-afa9823c9a038d434a0bad1b3f5208b49bd2614c.tar.zst
nix-afa9823c9a038d434a0bad1b3f5208b49bd2614c.zip
1 files changed, 17 insertions, 15 deletions
diff --git a/hosts/ginaz/default.nix b/hosts/ginaz/default.nix
index cac2a8d..f35e36b 100644
--- a/hosts/ginaz/default.nix
+++ b/hosts/ginaz/default.nix
@@ -58,23 +58,25 @@
 
   system.stateVersion = "23.11";
 
-  systemd.services."nftables-extra" = {
-    description = "nftables extra firewall rules";
-    script = ''
+  systemd.services."nftables-extra" = let rules_script = ''
       ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
-    '';
-    serviceConfig = {
-      RemainAfterExit = true;
-      Type = "oneshot";
-    };
-    unitConfig = {
-      ConditionPathExists = config.sops.secrets."nftables/ssh".path;
-      ReloadPropagatedFrom = "nftables.service";
-    };
-    wantedBy = [ "multi-user.target" ];
-    after = [ "nftables.service" ];
-    partOf = [ "nftables.service" ];
+    ''; in {
+      description = "nftables extra firewall rules";
+      reload = rules_script;
+      script = rules_script;
+      serviceConfig = {
+        RemainAfterExit = true;
+        Type = "oneshot";
+      };
+      unitConfig = {
+        ConditionPathExists = config.sops.secrets."nftables/ssh".path;
+        ReloadPropagatedFrom = "nftables.service";
+      };
+      wantedBy = [ "multi-user.target" ];
+      after = [ "nftables.service" ];
+      partOf = [ "nftables.service" ];
   };
+
   systemd.paths."nftables-extra" = {
     pathConfig = {
       PathExists = config.sops.secrets."nftables/ssh".path;
author	Mark Nipper <nipsy@bitgnome.net>	2024-10-14 22:30:38 -0700
committer	Mark Nipper <nipsy@bitgnome.net>	2024-10-14 22:30:38 -0700
commit	afa9823c9a038d434a0bad1b3f5208b49bd2614c (patch)
tree	11388d8a16a8bdc27cc87380f0d11e5e3d31d2f6 /hosts/ginaz
parent	c9ecee17d441d0b06a6d5069c4973868a40d6402 (diff)
download	nix-afa9823c9a038d434a0bad1b3f5208b49bd2614c.tar nix-afa9823c9a038d434a0bad1b3f5208b49bd2614c.tar.gz nix-afa9823c9a038d434a0bad1b3f5208b49bd2614c.tar.bz2 nix-afa9823c9a038d434a0bad1b3f5208b49bd2614c.tar.lz nix-afa9823c9a038d434a0bad1b3f5208b49bd2614c.tar.xz nix-afa9823c9a038d434a0bad1b3f5208b49bd2614c.tar.zst nix-afa9823c9a038d434a0bad1b3f5208b49bd2614c.zip