From 5e8cc86818d4ac793a943273385dbaa0c7424b22 Mon Sep 17 00:00:00 2001 From: Mark Nipper Date: Thu, 13 Jun 2024 00:27:42 -0700 Subject: Enable previously added rules --- hosts/darkstar/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'hosts/darkstar') diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix index 5208bfd..ae697ca 100644 --- a/hosts/darkstar/default.nix +++ b/hosts/darkstar/default.nix @@ -83,7 +83,9 @@ secrets = { "kea-dhcp4_conf" = {}; + "nftables/forward" = {}; "nftables/ssh" = {}; + "nftables/voip" = {}; }; }; @@ -92,20 +94,26 @@ systemd.services."nftables-extra" = { description = "nftables extra firewall rules"; script = '' + ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/forward".path} ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path} + ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/voip".path} ''; serviceConfig = { RemainAfterExit = true; Type = "oneshot"; }; unitConfig = { + ConditionPathExists = config.sops.secrets."nftables/forward".path; ConditionPathExists = config.sops.secrets."nftables/ssh".path; + ConditionPathExists = config.sops.secrets."nftables/voip".path; }; wantedBy = [ "multi-user.target" ]; }; systemd.paths."nftables-extra" = { pathConfig = { + PathExists = config.sops.secrets."nftables/forward".path; PathExists = config.sops.secrets."nftables/ssh".path; + PathExists = config.sops.secrets."nftables/voip".path; }; wantedBy = [ "multi-user.target" ]; }; -- cgit v1.2.3