Diffstat (limited to '')
-rw-r--r-- | hosts/ginaz/default.nix | 32 |
1 files changed, 17 insertions, 15 deletions
diff --git a/hosts/ginaz/default.nix b/hosts/ginaz/default.nix
index cac2a8d..f35e36b 100644
--- a/hosts/ginaz/default.nix
+++ b/hosts/ginaz/default.nix
@@ -58,23 +58,25 @@
 system.stateVersion = "23.11";
- systemd.services."nftables-extra" = {
- description = "nftables extra firewall rules";
- script = ''
+ systemd.services."nftables-extra" = let rules_script = ''
 ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
- '';
- serviceConfig = {
- RemainAfterExit = true;
- Type = "oneshot";
- };
- unitConfig = {
- ConditionPathExists = config.sops.secrets."nftables/ssh".path;
- ReloadPropagatedFrom = "nftables.service";
- };
- wantedBy = [ "multi-user.target" ];
- after = [ "nftables.service" ];
- partOf = [ "nftables.service" ];
+ ''; in {
+ description = "nftables extra firewall rules";
+ reload = rules_script;
+ script = rules_script;
+ serviceConfig = {
+ RemainAfterExit = true;
+ Type = "oneshot";
+ };
+ unitConfig = {
+ ConditionPathExists = config.sops.secrets."nftables/ssh".path;
+ ReloadPropagatedFrom = "nftables.service";
+ };
+ wantedBy = [ "multi-user.target" ];
+ after = [ "nftables.service" ];
+ partOf = [ "nftables.service" ];
 };
+
 systemd.paths."nftables-extra" = {
 pathConfig = {
 PathExists = config.sops.secrets."nftables/ssh".path; |
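Review bot: Sharing `rules_script` between `script` and `reload` means the `nft -f` of the `nftables/ssh` secret now runs on every reload propagated from `nftables.service`, so it is only safe if that rules file is idempotent. The file's contents are not visible here; if it only adds rules to an existing chain rather than declaring and flushing its own table, a reload that does not first flush the whole ruleset would presumably leave duplicate rules behind. I would record the requirement next to the binding, e.g. `# nftables/ssh must be idempotent (declare + flush its own table): applied on start and on each nftables.service reload`. Also worth noting in a comment is that `ConditionPathExists` is evaluated only when the unit starts, so a reload with the secret missing fails in `nft` instead of being skipped. The `systemd.paths."nftables-extra"` block continues past the end of the hunk.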