From 6f84c2c41d18546ff0d62efa1d6e10f2ef671b27 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se>
Date: Wed, 11 Jun 2025 15:27:09 +0200
Subject: [PATCH] feat: add firewall tools as sysext

---
 flake.nix           | 22 ++++++++++++++++++++++
 lib/make-sysext.nix |  2 +-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/flake.nix b/flake.nix
index cfbd77c..2655ff0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -42,6 +42,28 @@
 
           qemu-uefi-tpm = pkgs.callPackage ./utils/qemu-uefi-tpm.nix { };
 
+          firewall-sysext = pkgs.callPackage ./lib/make-sysext.nix {
+            name = "firewall-tools";
+            version = "0.0.1";
+            packages = [
+              # network/firewalling
+              { drv = pkgs.iproute2; path = "bin/"; }
+              { drv = pkgs.nftables; path = "bin/"; }
+              { drv = pkgs.wireguard-tools; path = "bin/.wg-wrapped"; destpath = "bin/wg"; }
+              # deps
+              { drv = pkgs.nftables; path = "lib/"; }
+              { drv = pkgs.libnftnl; path = "lib/"; }
+              { drv = pkgs.iptables; path = "lib/"; }
+              { drv = pkgs.libgcc.lib; path = "lib/"; }
+              { drv = pkgs.libgcc; path = "lib/"; }
+              { drv = pkgs.libmnl; path = "lib/"; }
+              { drv = pkgs.gmp; path = "lib/"; }
+              { drv = pkgs.jansson.out; path = "lib/"; }
+              { drv = pkgs.ncurses.out; path = "lib/"; }
+              { drv = pkgs.libedit; path = "lib/"; }
+            ];
+          };
+
           debug-tools-sysext = pkgs.callPackage ./lib/make-sysext.nix {
             name = "debug-tools";
             version = "0.0.1";
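Review bot: The `# deps` list copies the whole `lib/` directory of ten hand-picked entries into one tree, and nothing in this hunk checks that the set matches what `ip`, `nft` and `wg` actually link against, so a nixpkgs bump can leave a firewall tool that fails to load on the target or ships libraries nothing uses (`pkgs.iptables` contributes `lib/` while no iptables binary is packaged). Because these entries share a destination, a same-named file from a later entry replaces the earlier one, apparently through the remove-then-copy loop in lib/make-sysext.nix, so list order decides which copy ships. `bin/.wg-wrapped` looks like the hidden name a wrapper script leaves behind; copying it as `bin/wg` presumably drops whatever environment the wrapper set up and will break if the packaging stops wrapping `wg`. I would add a comment such as `# bin/.wg-wrapped: unwrapped wg binary, wrapper environment not needed in the sysext; re-check on nixpkgs updates`, plus a short comment per dep naming the binary that needs it.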
diff --git a/lib/make-sysext.nix b/lib/make-sysext.nix
index 59b04cf..70ed570 100644
--- a/lib/make-sysext.nix
+++ b/lib/make-sysext.nix
@@ -69,7 +69,7 @@ runCommand name
         # remove if exists
         for f in $srcfile/*; do
           basename="$(basename -- "$f")"
-          rm -f "$destfile/$basename"
+          rm -rf "$destfile/$basename"
         done
         cp -rPv "$srcfile" "$basedir"
         chmod -R 755 "$basedir"
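Review bot: The new `rm -rf "$destfile/$basename"` deletes recursively on a path built from two variables with no guard, so if `destfile` were ever empty the target becomes `/$basename`; `destfile` is assigned outside this hunk, so that cannot be ruled out from here. Prefer `rm -rf -- "${destfile:?}/$basename"`, and quote the loop source as `for f in "$srcfile"/*; do` so a path containing spaces is not split. With `-rf`, a directory already placed by an earlier package is now dropped wholesale when a later package has an entry of the same name, so a line like `echo "replacing $destfile/$basename" >&2` before the delete would make such overrides visible in the build log. The enclosing script starts and ends outside the hunk.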