From 0db7d3b9430f9b5b2887296afb356585b468b3fe Mon Sep 17 00:00:00 2001
From: arcnmx <git@git.arcn.mx>
Date: Mon, 20 Oct 2025 09:31:13 -0700
Subject: [PATCH] fix(nftables): empty peeps

---
 modules/nixos/access/peeps.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/nixos/access/peeps.nix b/modules/nixos/access/peeps.nix
index 7b8d1523..074924ee 100644
--- a/modules/nixos/access/peeps.nix
+++ b/modules/nixos/access/peeps.nix
@@ -15,7 +15,7 @@
   hasSops = options ? sops.secrets;
 in {
   options.networking.access.peeps = with lib.types; {
-    enable = mkEnableOption "peeps" // {default = hasSops;};
+    enable = mkEnableOption "peeps" // {default = hasSops && cfg.ranges != {};};
     ranges = mkOption {
       type = attrsOf str;
       default = {};
@@ -57,7 +57,7 @@ in {
     firewall.interfaces.peeps = {
       nftables.enable = cfg.enable;
       nftables.conditions = [
-        (mkIf (cfg.enable && networking.enableIPv6) condition)
+        (mkIf (cfg.enable && networking.enableIPv6 && cfg.ranges != {}) condition)
       ];
     };
   };