]> Git — Sourcephile - sourcephile-nix.git/blob - machines/mermet/croc.nix
wireguard: setup in initrd
[sourcephile-nix.git] / machines / mermet / croc.nix
1 { pkgs, lib, config, ... }:
2 let
3 inherit (builtins.extraBuiltins) pass-chomp;
4 croc = config.services.croc;
5 in
6 {
7 networking.nftables.ruleset = ''
8 add rule inet filter net2fw tcp dport {${lib.concatMapStringsSep "," toString croc.ports}} counter accept comment "croc"
9 '';
10 services.croc = {
11 enable = true;
12 pass = pass-chomp "machines/mermet/croc/pass";
13 };
14 }