-rw-r--r-- | hosts/darkstar/default.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index 5208bfd..ae697ca 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -83,7 +83,9 @@
 secrets = {
 "kea-dhcp4_conf" = {};
+ "nftables/forward" = {};
 "nftables/ssh" = {};
+ "nftables/voip" = {};
 };
 };
@@ -92,20 +94,26 @@
 systemd.services."nftables-extra" = {
 description = "nftables extra firewall rules";
 script = ''
+ ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/forward".path}
 ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
+ ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/voip".path}
 '';
 serviceConfig = {
 RemainAfterExit = true;
 Type = "oneshot";
 };
 unitConfig = {
+ ConditionPathExists = config.sops.secrets."nftables/forward".path;
 ConditionPathExists = config.sops.secrets."nftables/ssh".path;
+ ConditionPathExists = config.sops.secrets."nftables/voip".path;
 };
 wantedBy = [ "multi-user.target" ];
 };
 systemd.paths."nftables-extra" = {
 pathConfig = {
+ PathExists = config.sops.secrets."nftables/forward".path;
 PathExists = config.sops.secrets."nftables/ssh".path;
+ PathExists = config.sops.secrets."nftables/voip".path;
 };
 wantedBy = [ "multi-user.target" ];
 };
|
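Review bot: In the second hunk, `unitConfig` and `pathConfig` now assign `ConditionPathExists` and `PathExists` three times each inside one attribute set, which Nix rejects as an already-defined attribute, so this host configuration should fail to evaluate. Each key should take a list instead, e.g. `ConditionPathExists = map (n: config.sops.secrets.${n}.path) [ "nftables/forward" "nftables/ssh" "nftables/voip" ];`, with the same shape for `PathExists`. The semantics then differ between the two units: every listed `ConditionPathExists` must hold, while the path unit presumably fires as soon as any one `PathExists` entry appears, so the service can be triggered before all three secrets are decrypted. Separately, the three `nft -f` calls in `script` load as three independent transactions, so an error in a later file leaves the firewall with only the earlier rule sets applied; a comment there stating the intended load order and the expected state on failure would make that explicit.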