services: firewall: use host specific rulesets

Instead of using the same set of rules for all machines, use specific rulesets tailored to each machine. Signed-off-by: Kenny Ballou <kballou@devnulllabs.io>
author: Kenny Ballou <kballou@devnulllabs.io> 2019-12-30 16:54:10 -0700
committer: Kenny Ballou <kballou@devnulllabs.io> 2020-01-06 09:15:00 -0700
commit: 671a296b484c079ad3a8ec288c110cd89f9819e9 (patch)
tree: b11e6e5610a5a881b1f666a8f2b2048e411e48b0 /services
parent: ce40ba493defa1256e41385fc7fdaadb14b7c02f (diff)
download: cfg.nix-671a296b484c079ad3a8ec288c110cd89f9819e9.tar.gz
cfg.nix-671a296b484c079ad3a8ec288c110cd89f9819e9.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/services/firewall.nix b/services/firewall.nix
index 2c09d3f..51e3386 100644
--- a/services/firewall.nix
+++ b/services/firewall.nix
@@ -3,5 +3,5 @@
   # Firewall configuration
   networking.firewall.enable = false;
   networking.nftables.enable = true;
-  networking.nftables.rulesetFile = ./nftables-rules.nft;
+  networking.nftables.rulesetFile = builtins.toPath "/etc/nixos/${config.networking.hostName}/nftables-rules.nft";
 }
author	Kenny Ballou <kballou@devnulllabs.io>	2019-12-30 16:54:10 -0700
committer	Kenny Ballou <kballou@devnulllabs.io>	2020-01-06 09:15:00 -0700
commit	671a296b484c079ad3a8ec288c110cd89f9819e9 (patch)
tree	b11e6e5610a5a881b1f666a8f2b2048e411e48b0 /services
parent	ce40ba493defa1256e41385fc7fdaadb14b7c02f (diff)
download	cfg.nix-671a296b484c079ad3a8ec288c110cd89f9819e9.tar.gz cfg.nix-671a296b484c079ad3a8ec288c110cd89f9819e9.tar.xz