b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

nixos/nat: Use the package specified in networking.firewall.package

Browse source 
Otherwise the system path is inconsistent if you do something like

    networking.firewall.package = pkgs.iptables-legacy;
This commit is contained in:
Zhaofeng Li 2022-07-12 17:59:44 -07:00
parent 26c66bc7c8
commit 7689468a4b
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
nixos/modules/services/networking/nat.nix
View file

@ -319,7 +319,10 @@ in
}
];
environment.systemPackages = [ pkgs.iptables ];
# Use the same iptables package as in config.networking.firewall.
# When the firewall is enabled, this should be deduplicated without any
# error.
environment.systemPackages = [ config.networking.firewall.package ];
boot = {
kernelModules = [ "nf_nat_ftp" ];
@ -347,7 +350,7 @@ in
description = "Network Address Translation";
wantedBy = [ "network.target" ];
after = [ "network-pre.target" "systemd-modules-load.service" ];
path = [ pkgs.iptables ];
path = [ config.networking.firewall.package ];
unitConfig.ConditionCapability = "CAP_NET_ADMIN";
serviceConfig = {