k 3 iptables: remove obsolete asserts & style

krebs/3modules/iptables.nix

@@ -1,5 +1,7 @@
 { config, lib, pkgs, ... }:
 
+with import <stockholm/lib>;
+
 let
   inherit (pkgs) writeText;
 
@@ -7,27 +9,6 @@ let
     elem
   ;
 
-  inherit (lib)
-    concatMapStringsSep
-    concatStringsSep
-    attrNames
-    unique
-    fold
-    any
-    attrValues
-    catAttrs
-    filter
-    flatten
-    length
-    hasAttr
-    hasPrefix
-    mkEnableOption
-    mkOption
-    mkIf
-    types
-    sort
-  ;
-
   cfg = config.krebs.iptables;
 
   out = {
@@ -93,7 +74,7 @@ let
         Type = "simple";
         RemainAfterExit = true;
         Restart = "always";
-        ExecStart = "@${startScript} krebs-iptables_start";
+        ExecStart = startScript;
       };
     };
   };
@@ -123,13 +104,6 @@ let
 
 
       buildRule = tn: cn: rule:
-        #target validation test:
-        assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target || hasPrefix "DNAT" rule.target;
-
-        #predicate validation test:
-        #maybe use iptables-test
-        #TODO: howto exit with evaluation error by shellscript?
-          #apperantly not possible from nix because evalatution wouldn't be deterministic.
         "${rule.predicate} -j ${rule.target}";
 
       buildTable = tn:
@@ -149,7 +123,7 @@ let
 
 #=====
 
-  rules4 = iptables-version:
+  rules = iptables-version:
     let
       #TODO: find out good defaults.
       tables-defaults = {
@@ -171,14 +145,14 @@ let
       tables = tables-defaults // cfg.tables;
 
     in
-      writeText "krebs-iptables-rules${toString iptables-version}" ''
+      pkgs.writeText "krebs-iptables-rules${iptables-version}" ''
         ${buildTables iptables-version tables}
       '';
 
   startScript = pkgs.writeDash "krebs-iptables_start" ''
     set -euf
-    iptables-restore < ${rules4 4}
-    ip6tables-restore < ${rules4 6}
+    iptables-restore < ${rules "v4"}
+    ip6tables-restore < ${rules "v6"}
   '';
 
 in