From f29830ec9347d9b50ec14f25db7715e009992566 Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Sun, 25 Feb 2024 17:53:54 +0100
Subject: [PATCH] format nftables.nix

---
 parsons/nftables.nix | 114 +++++++++++++++++++++----------------------
 1 file changed, 56 insertions(+), 58 deletions(-)

diff --git a/parsons/nftables.nix b/parsons/nftables.nix
index 312496f..6a9cc4c 100644
--- a/parsons/nftables.nix
+++ b/parsons/nftables.nix
@@ -3,78 +3,76 @@ { networking.firewall.enable = false; networking.nat.enable = false; - boot = { - kernelModules = [ "nf_nat_ftp" ]; - kernel.sysctl = { - "net.ipv4.conf.all.forwarding" = true; - "net.ipv4.conf.default.forwarding" = true; - }; + boot = { + kernelModules = [ "nf_nat_ftp" ]; + kernel.sysctl = { + "net.ipv4.conf.all.forwarding" = true; + "net.ipv4.conf.default.forwarding" = true; }; + }; - networking.nftables = { - enable = true; + networking.nftables = { + enable = true; - ruleset = '' -table inet filter { - chain input { - type filter hook input priority filter - policy drop + ruleset = '' + table inet filter { + chain input { + type filter hook input priority filter + policy drop - icmpv6 type { echo-request, echo-reply, mld-listener-query, mld-listener-report, mld-listener-done, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, packet-too-big } accept - icmp type echo-request accept + icmpv6 type { + echo-request, + echo-reply, + mld-listener-query, + mld-listener-report, + mld-listener-done, + nd-router-advert, + nd-neighbor-solicit, + nd-neighbor-advert, + packet-too-big + } accept - ct state invalid drop - ct state established,related accept + icmp type echo-request accept - iifname { lo } accept + ct state invalid drop + ct state established,related accept - tcp dport { 25, 80, 443, 465, 587, 993, 4190, 62954, 64738 } accept + iifname { lo } accept - udp dport { 60000-61000, 64738 } accept + tcp dport { 25, 80, 443, 465, 587, 993, 4190, 62954, 64738 } accept + udp dport { 60000-61000, 64738 } accept - + # DHCPv6 + ip6 daddr fe80::/64 udp dport 546 accept - # DHCPv6 - ip6 daddr fe80::/64 udp dport 546 accept + counter + } + chain output { + type filter hook output priority filter + policy accept - + counter + } + chain forward { + type filter hook forward priority filter + policy accept - counter - } - chain output { - type filter hook output priority filter - policy accept - - - - counter - } - chain forward { - type filter hook 
forward priority filter - policy accept - - - - - - counter - } -} - -table ip nat { - chain prerouting { - type nat hook prerouting priority -100 - iifname enp35s0 tcp dport { 22 } dnat ${config.containers.gitea.localAddress}:22 - } - chain postrouting { - type nat hook postrouting priority 100 - iifname lxcbr0 oifname enp35s0 masquerade -iifname ve-* oifname enp35s0 masquerade - - } -} + counter + } + } + table ip nat { + chain prerouting { + type nat hook prerouting priority -100 + iifname enp35s0 tcp dport { 22 } dnat ${config.containers.gitea.localAddress}:22 + } + chain postrouting { + type nat hook postrouting priority 100 + iifname lxcbr0 oifname enp35s0 masquerade + iifname ve-* oifname enp35s0 masquerade + } + } ''; }; }