I’d like to author nftables in another file instead of embedding a string in my /etc/nixos/configuration.nix.
Why? I prefer to author some configuration directly to remove the cognitive overhead of thinking in nix or whatever other language; focus I guess.
Do you know how to do this or of an example doing so?
Option 1:
# configuration.nix:
{
networking.nftables.tables.filter = {
family = "inet";
content = builtins.readFile ./rules.nft;
};
/* ... other options ... */
}
Option 2:
{
networking.nftables.rulesetFile = ./rules.nft;
/* ... other options ... */
}
Option 3:
# configuration.nix:
{
imports = [ ./nftables-config.nix ];
/* ... other options ... */
}
# nftables-config.nix
{
networking.nftables.tables.filter = {
family = "inet";
content = ''
# rules go here...
'';
};
}