Configuration for my NixOS based systems and Home Manager

Make nftables optional

+12 -10
+3 -2
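--- a/flake.nix
+++ b/flake.nix
@@ -54,12 +54,12 @@
 unstable ? false,
 extraGroups ? [ ],
 overlays ? [ ],
-...
+enableNFTables ? true,
 }:
 inputs.nixpkgs.lib.nixosSystem {
 inherit system;
 specialArgs = {
-inherit inputs extraGroups;
+inherit inputs extraGroups enableNFTables;
 }
 // nixpkgs.lib.optionalAttrs unstable {
 unstable = import nixpkgs-unstable {
@@ -145,6 +145,7 @@
 ./host-specific/touma-wsl.nix
 nixos-wsl.nixosModules.default
 ];
+enableNFTables = false;
 };
 nixosConfigurations.edge = basicSystem {
 unstable = true;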
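Review bot: The added `enableNFTables ? true,` at line 57 replaces the `...` in the argument pattern instead of sitting in front of it, so the function no longer accepts attributes it does not name and any caller passing one now fails at evaluation. If that tightening is not intended, keep both lines: `enableNFTables ? true,` followed by `...`. Routing the flag through `specialArgs` also means services.nix, which now names `enableNFTables` as a required module argument, cannot be evaluated by a configuration built outside this wrapper. A short comment on the parameter, for example `# firewall backend switch; touma-wsl sets this to false`, would record why the default stays true. The function's head and the rest of its body lie outside the visible hunks.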
+9 -8
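--- a/services.nix
+++ b/services.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ enableNFTables, lib, ... }:
 {
 
 # Some programs need SUID wrappers, can be configured further or are
@@ -7,19 +7,12 @@
 
 # Fish shell, the best
 programs.fish.enable = true;
-
-# Use nftables
-networking.nftables.enable = true;
 
 # Tailscale
 services.tailscale = {
 enable = true;
 openFirewall = true;
 };
-# Support native nftables in tailscale
-systemd.services.tailscaled.serviceConfig.Environment = [
-"TS_DEBUG_FIREWALL_MODE=nftables"
-];
 # Don't wait for networks on boot, should speed up boot
 systemd.network.wait-online.enable = false;
 boot.initrd.systemd.network.wait-online.enable = false;
@@ -35,3 +28,11 @@
 # MOSH, SSH over flakey connections
 programs.mosh.enable = true;
 }
+// lib.optionalAttrs enableNFTables {
+# Use nftables
+networking.nftables.enable = true;
+# Support native nftables in tailscale
+systemd.services.tailscaled.serviceConfig.Environment = [
+"TS_DEBUG_FIREWALL_MODE=nftables"
+];
+}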
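Review bot: The `//` that attaches the nftables block after the closing brace at new line 30 is a shallow merge, so when `enableNFTables` is true the right-hand `systemd` attribute replaces the left-hand one and `systemd.network.wait-online.enable = false;` from the main set is silently dropped. Any `networking.*` setting in the lines between the hunks, such as firewall rules, would be discarded the same way; that part is inferred, since those lines are not visible. Keep both options inside the main attribute set and gate them through the module system instead: `networking.nftables.enable = enableNFTables;` and `systemd.services.tailscaled.serviceConfig.Environment = lib.mkIf enableNFTables [ "TS_DEBUG_FIREWALL_MODE=nftables" ];`. A comment on the gated lines should state that both settings must change together, so the Tailscale firewall mode never disagrees with the host's active backend.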