nat: add extraCommands and extraStopCommands options

2017-12-06 11:17:38 -05:00 · 2017-12-06 11:17:38 -05:00 · ab2b3a5d0a
commit ab2b3a5d0a
parent 7fcdd34d17
1 changed files with 26 additions and 0 deletions
--- a/nixos/modules/services/networking/nat.nix
+++ b/nixos/modules/services/networking/nat.nix
@ -19,6 +19,8 @@ let
    iptables -w -t nat -D POSTROUTING -j nixos-nat-post 2>/dev/null || true
    iptables -w -t nat -F nixos-nat-post 2>/dev/null || true
    iptables -w -t nat -X nixos-nat-post 2>/dev/null || true
+
+    ${cfg.extraStopCommands}
  '';

  setupNat = ''
@ -59,6 +61,8 @@ let
 	--to-destination ${cfg.dmzHost}
    ''}

+    ${cfg.extraCommands}
+
    # Append our chains to the nat tables
    iptables -w -t nat -A PREROUTING -j nixos-nat-pre
    iptables -w -t nat -A POSTROUTING -j nixos-nat-post
@ -170,6 +174,28 @@ in
        '';
    };

+    networking.nat.extraCommands = mkOption {
+      type = types.lines;
+      default = "";
+      example = "iptables -A INPUT -p icmp -j ACCEPT";
+      description =
+        ''
+          Additional shell commands executed as part of the nat
+          initialisation script.
+        '';
+    };
+
+    networking.nat.extraStopCommands = mkOption {
+      type = types.lines;
+      default = "";
+      example = "iptables -D INPUT -p icmp -j ACCEPT || true";
+      description =
+        ''
+          Additional shell commands executed as part of the nat
+          teardown script.
+        '';
+    };
+
  };