From d282d77a99877e87804eaf2a16dcf11760667e55 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Mon, 26 Dec 2022 12:57:42 +0100
Subject: [PATCH] bundles/docker-ce: sort nftables rules

---
 bundles/docker-ce/metadata.py | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/bundles/docker-ce/metadata.py b/bundles/docker-ce/metadata.py
index 1315d1c..cf6e2bb 100644
--- a/bundles/docker-ce/metadata.py
+++ b/bundles/docker-ce/metadata.py
@@ -12,14 +12,6 @@ defaults = {
 'docker-ce-cli': {},
 },
 },
- 'nftables': {
- 'rules': {
- '00-docker-ce': {
- 'inet filter forward ct state { related, established } accept',
- 'inet filter forward iifname docker0 accept',
- },
- },
- },
 }


@@ -27,7 +19,10 @@ defaults = {
 'nftables/rules/00-docker-ce',
 )
 def nftables_nat(metadata):
- rules = set()
+ rules = {
+ 'inet filter forward ct state { related, established } accept',
+ 'inet filter forward iifname docker0 accept',
+ }

 for iface in metadata.get('interfaces'):
 rules.add(f'nat postrouting oifname {iface} masquerade')
@@ -35,7 +30,7 @@ def nftables_nat(metadata):
 return {
 'nftables': {
 'rules': {
- '00-docker-ce': rules,
+ '00-docker-ce': sorted(rules),
 },
 },
 }
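Review bot: The two forward rules now hard-coded at the top of `nftables_nat` carry no comment on how wide they are: `inet filter forward iifname docker0 accept` accepts every packet forwarded from the bridge to any destination, and the unchanged `rules.add(...)` line below masquerades on every interface in `metadata.get('interfaces')` with no source match. I would record that above the set, e.g. `# docker0 may forward to any destination; NAT is applied on every interface in metadata`, and narrow the accept with an `oifname` match if containers are not meant to reach internal networks. Because these rules moved out of `defaults`, it is also worth confirming that any node which adjusted `nftables/rules/00-docker-ce` through metadata still ends up with the rule set it expects. The function body continues past this hunk.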
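Review bot: The order produced by `sorted(rules)` is purely lexicographic, which is safe only while no rule in the set depends on its position. nftables evaluates a chain top to bottom, so a `drop` or `reject` added to this set later would land wherever its text happens to sort rather than where it is needed. A comment on that line would pin the assumption, e.g. `# sorted only for stable output; rules here must not depend on evaluation order`. The value also changes from a set to a list, so if any other bundle still contributes to `nftables/rules/00-docker-ce`, check that the two merge as intended. `nftables_nat` starts in the previous hunk, not in this one.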