gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(nftables): flushRuleset = false

Browse source
This commit is contained in:
arcnmx 2025-08-12 12:05:28 -07:00
parent 678fee1361
commit c39a4373ff
1 changed files with 12 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

13
modules/nixos/nftables.nix
View file

@ -5,7 +5,7 @@
}: let }: let
inherit (lib) types; inherit (lib) types;
inherit (lib.options) mkOption mkEnableOption; inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf; inherit (lib.modules) mkIf mkMerge;
inherit (lib.attrsets) mapAttrsToList; inherit (lib.attrsets) mapAttrsToList;
inherit (lib.strings) optionalString concatStringsSep concatMapStringsSep; inherit (lib.strings) optionalString concatStringsSep concatMapStringsSep;
inherit (lib.lists) optionals; inherit (lib.lists) optionals;
@ -161,6 +161,17 @@ in {
networking.firewall.enable = false; networking.firewall.enable = false;
networking.nftables = { networking.nftables = {
inherit ruleset; inherit ruleset;
flushRuleset = false;
extraDeletions = mkMerge [
''
table inet filter;
delete table inet filter;
''
(mkIf doDocker ''
table ip nat;
delete table ip nat;
'')
];
}; };
virtualisation.docker = mkIf doDocker { virtualisation.docker = mkIf doDocker {