machines/mermet/croc.nix

   1 { pkgs, lib, config, machineName, ... }:
   2 let
   3   inherit (builtins.extraBuiltins) pass-chomp;
   4   croc = config.services.croc;
   5 in
   6 {
   7 networking.nftables.ruleset = ''
   8   add rule inet filter net2fw tcp dport {${lib.concatMapStringsSep "," toString croc.ports}} counter accept comment "croc"
   9 '';
  10 services.croc = {
  11   enable = true;
  12   pass = pass-chomp "machines/${machineName}/croc/pass";
  13 };
  14 }