feat: add firewall tools as sysext

2025-06-11 15:27:09 +02:00 · 2025-06-11 15:27:09 +02:00 · 6f84c2c41d
commit 6f84c2c41d
parent e85353bc35
2 changed files with 23 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -42,6 +42,28 @@

          qemu-uefi-tpm = pkgs.callPackage ./utils/qemu-uefi-tpm.nix { };

+          firewall-sysext = pkgs.callPackage ./lib/make-sysext.nix {
+            name = "firewall-tools";
+            version = "0.0.1";
+            packages = [
+              # network/firewalling
+              { drv = pkgs.iproute2; path = "bin/"; }
+              { drv = pkgs.nftables; path = "bin/"; }
+              { drv = pkgs.wireguard-tools; path = "bin/.wg-wrapped"; destpath = "bin/wg"; }
+              # deps
+              { drv = pkgs.nftables; path = "lib/"; }
+              { drv = pkgs.libnftnl; path = "lib/"; }
+              { drv = pkgs.iptables; path = "lib/"; }
+              { drv = pkgs.libgcc.lib; path = "lib/"; }
+              { drv = pkgs.libgcc; path = "lib/"; }
+              { drv = pkgs.libmnl; path = "lib/"; }
+              { drv = pkgs.gmp; path = "lib/"; }
+              { drv = pkgs.jansson.out; path = "lib/"; }
+              { drv = pkgs.ncurses.out; path = "lib/"; }
+              { drv = pkgs.libedit; path = "lib/"; }
+            ];
+          };
+
          debug-tools-sysext = pkgs.callPackage ./lib/make-sysext.nix {
            name = "debug-tools";
            version = "0.0.1";
--- a/lib/make-sysext.nix
+++ b/lib/make-sysext.nix
@ -69,7 +69,7 @@ runCommand name
        # remove if exists
        for f in $srcfile/*; do
          basename="$(basename -- "$f")"
-          rm -f "$destfile/$basename"
+          rm -rf "$destfile/$basename"
        done
        cp -rPv "$srcfile" "$basedir"
        chmod -R 755 "$basedir"