From 671a296b484c079ad3a8ec288c110cd89f9819e9 Mon Sep 17 00:00:00 2001
From: Kenny Ballou <kballou@devnulllabs.io>
Date: Mon, 30 Dec 2019 16:54:10 -0700
Subject: services: firewall: use host specific rulesets

Instead of using the same set of rules for all machines, use specific
rulesets tailored to each machine.

Signed-off-by: Kenny Ballou <kballou@devnulllabs.io>
---
 services/firewall.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'services')

diff --git a/services/firewall.nix b/services/firewall.nix
index 2c09d3f..51e3386 100644
--- a/services/firewall.nix
+++ b/services/firewall.nix
@@ -3,5 +3,5 @@
   # Firewall configuration
   networking.firewall.enable = false;
   networking.nftables.enable = true;
-  networking.nftables.rulesetFile = ./nftables-rules.nft;
+  networking.nftables.rulesetFile = builtins.toPath "/etc/nixos/${config.networking.hostName}/nftables-rules.nft";
 }
-- 
cgit v1.2.1