hosts/nan2gua1/openvpn/riseup.nix

   1 { pkgs, lib, ... }:
   2 let
   3   netns = "riseup";
   4 in
   5 {
   6   imports = [
   7     ../../../nixos/profiles/openvpn/riseup.nix
   8   ];
   9   config = {
  10     services.netns.namespaces.${netns} = {
  11       nftables = lib.mkAfter ''
  12         table inet filter {
  13           chain input-net {
  14             counter drop
  15           }
  16           chain output-net {
  17             accept
  18           }
  19           chain input {
  20             goto input-net
  21           }
  22           chain output {
  23             jump output-net
  24             log level warn prefix "${netns}: output-net: " counter drop
  25           }
  26         }
  27       '';
  28     };
  29   };
  30 }