enable statx

2023-10-01 23:14:05 +03:00
parent 5c83f7407a
commit 25e8191177
15 changed files with 110 additions and 122 deletions
--- a/modules/services/friendlyport/default.nix
+++ b/modules/services/friendlyport/default.nix
@@ -5,50 +5,45 @@
 }: {
  options.mj.services.friendlyport = with lib.types; {
    ports = lib.mkOption {
-      type = listOf (submodule (
-        {...}: {
-          options = {
-            subnets = lib.mkOption {type = listOf str;};
-            tcp = lib.mkOption {
-              type = listOf int;
-              default = [];
-            };
-            udp = lib.mkOption {
-              type = listOf int;
-              default = [];
-            };
+      type = listOf (submodule {
+        options = {
+          subnets = lib.mkOption {type = listOf str;};
+          tcp = lib.mkOption {
+            type = listOf int;
+            default = [];
          };
-        }
-      ));
+          udp = lib.mkOption {
+            type = listOf int;
+            default = [];
+          };
+        };
+      });
    };
  };

  config = let
-    ports = config.mj.services.friendlyport.ports;
-    mkAdd = (
-      proto: subnets: ints: let
-        subnetsS = builtins.concatStringsSep "," subnets;
-        intsS = builtins.concatStringsSep "," (map builtins.toString ints);
-      in
-        if builtins.length ints == 0
-        then ""
-        else "iptables -A INPUT -p ${proto} --match multiport --dports ${intsS} --source ${subnetsS} -j ACCEPT"
-    );
+    inherit (config.mj.services.friendlyport.ports);
+
+    mkAdd = proto: subnets: ints: let
+      subnetsS = builtins.concatStringsSep "," subnets;
+      intsS = builtins.concatStringsSep "," (map builtins.toString ints);
+    in
+      if builtins.length ints == 0
+      then ""
+      else "iptables -A INPUT -p ${proto} --match multiport --dports ${intsS} --source ${subnetsS} -j ACCEPT";

    startTCP = map (attr: mkAdd "tcp" attr.subnets attr.tcp) ports;
    startUDP = map (attr: mkAdd "udp" attr.subnets attr.udp) ports;

    # TODO: when stopping the firewall, systemd uses the old ports. So this is a two-phase process.
    # How to stop the old one and start the new one?
-    mkDel = (
-      proto: subnets: ints: let
-        subnetsS = builtins.concatStringsSep "," subnets;
-        intsS = builtins.concatStringsSep "," (map builtins.toString ints);
-      in
-        if builtins.length ints == 0
-        then ""
-        else "iptables -D INPUT -p ${proto} --match multiport --dports ${intsS} --source ${subnetsS} -j ACCEPT || :"
-    );
+    mkDel = proto: subnets: ints: let
+      subnetsS = builtins.concatStringsSep "," subnets;
+      intsS = builtins.concatStringsSep "," (map builtins.toString ints);
+    in
+      if builtins.length ints == 0
+      then ""
+      else "iptables -D INPUT -p ${proto} --match multiport --dports ${intsS} --source ${subnetsS} -j ACCEPT || :";

    stopTCP = map (attr: mkDel "tcp" attr.subnets attr.tcp) ports;
    stopUDP = map (attr: mkDel "udp" attr.subnets attr.udp) ports;