-{ pkgs, lib, config, ... }:
+{ config, ... }:
let
inherit (config.users) users;
domain = config.networking.domain;
inherit (config.services) freeciv;
in
{
-networking.nftables.ruleset = ''
- add rule inet filter net2fw tcp dport ${toString freeciv.settings.port} counter accept comment "Freeciv"
-'';
-users.users.freeciv.isSystemUser = true;
-users.groups.acme.members = [ users."freeciv".name ];
-security.acme.certs."${domain}" = {
- # Not supported
- #postRun = "systemctl reload freeciv";
-};
-systemd.services.postgresql = {
- wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
- after = [ "acme-selfsigned-${domain}.service" ];
-};
-services.upnpc.redirections = [
- { description = "";
- externalPort = freeciv.settings.port; protocol = "TCP";
- service.wantedBy = ["freeciv.service"];
- service.partOf = ["freeciv.service"];
- }
-];
-services.freeciv = {
- enable = true;
- settings = {
- Announce = "none";
- Guests = true;
- Newusers = true;
- auth = true;
- debug = 3;
+ networking.nftables.ruleset = ''
+ table inet filter {
+ chain input-net {
+ tcp dport ${toString freeciv.settings.port} counter accept comment "Freeciv"
+ }
+ }
+ '';
+ users.users.freeciv.isSystemUser = true;
+ users.groups.acme.members = [ users."freeciv".name ];
+ security.acme.certs."${domain}" = {
+ # Not supported
+ #postRun = "systemctl reload freeciv";
+ };
+ systemd.services.freeciv = {
+ wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service" ];
+ after = [ "acme-selfsigned-${domain}.service" ];
+ };
+ services.upnpc.enable = true;
+ services.upnpc.redirections = [
+ {
+ description = "";
+ externalPort = freeciv.settings.port;
+ protocol = "TCP";
+ service.wantedBy = [ "freeciv.service" ];
+ service.partOf = [ "freeciv.service" ];
+ }
+ ];
+ services.freeciv = {
+ enable = true;
+ settings = {
+ Announce = "none";
+ Guests = true;
+ Newusers = true;
+ auth = true;
+ debug = 3;
+ };
};
-};
}
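Review bot: The added `services.upnpc.enable = true;`, combined with the unrestricted accept rule in `input-net`, asks the router to publish the Freeciv port externally while `Guests = true` and `Newusers = true` remain set, so anyone who reaches the port can join as a guest or self-register. If that exposure is intended, state it in a comment above the UPnP lines; otherwise set `Guests = false;` or restrict the rule by source address. The redirection still has `description = "";`, which leaves an unlabeled mapping in the router's table; `description = "Freeciv";` would make it identifiable during an audit. Separately, `systemd.services.freeciv` is ordered only after `acme-selfsigned-${domain}.service` and the `postRun` reload stays commented out as unsupported, so the server presumably keeps the certificate it loaded at start until it is restarted; a comment saying that renewals need a restart would help.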