sourcephile / git / julm / julm-nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fixup! openvpn-calyx: fix nftables
[julm/julm-nix.git] / nixos / profiles / networking / nftables.nix
diff --git a/nixos/profiles/networking/nftables.nix b/nixos/profiles/networking/nftables.nix
index 77f527d563c292abcc1b1917540ced7bcd1b329b..819e3656e657c3cb39ec25f9a18605b7e28b5441 100644 (file)
--- a/nixos/profiles/networking/nftables.nix
+++ b/nixos/profiles/networking/nftables.nix
@@ -46,5 +46,12 @@
 
     https://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt
   */
-  networking.nftables.ruleset = lib.mkBefore (lib.readFile ./nftables.txt);
+  networking.nftables = {
+    preCheckRuleset = ''
+      sed -i ruleset.conf \
+        -e 's/skuid  *[^ ]*/skuid nobody/g' \
+        -e 's/skgid  *[^ ]*/skgid nogroup/g'
+    '';
+    ruleset = lib.mkBefore (lib.readFile ./nftables.txt);
+  };
 }
julm's NixOS and home-manager configs