hosts/mermet/croc.nix

   1 { inputs, pkgs, lib, config, ... }:
   2 let
   3   inherit (config.services) croc;
   4 in
   5 {
   6 networking.nftables.ruleset = ''
   7   table inet filter {
   8     chain input-net {
   9       tcp dport {${lib.concatMapStringsSep "," toString croc.ports}} counter accept comment "croc"
  10     }
  11   }
  12 '';
  13 services.croc = {
  14   enable = true;
  15   pass = builtins.readFile (inputs.secrets + "/croc/pass");
  16   #debug = true;
  17 };
  18 }