gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(nftables): local firewall

Browse source
This commit is contained in:
arcnmx 2024-01-31 13:28:21 -08:00
parent 6dc06a746a
commit a283b4bf9a
9 changed files with 167 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

6
nixos/access/ldap.nix
View file

@ -10,7 +10,7 @@ let
inherit (lib.lists) optionals;
inherit (config.services) tailscale;
inherit (config.services.nginx) virtualHosts;
inherit (config.networking.access) cidrForNetwork;
inherit (config.networking.access) cidrForNetwork localaddrs;
access = config.services.nginx.access.ldap;
allows = let
mkAllow = cidr: "allow ${cidr};";
@ -18,7 +18,9 @@ let
cidrForNetwork.loopback.all
++ cidrForNetwork.local.all
++ optionals tailscale.enable cidrForNetwork.tail.all;
allows = concatMapStringsSep "\n" mkAllow allowAddresses;
allows = concatMapStringsSep "\n" mkAllow allowAddresses + optionalString localaddrs.enable ''
include ${localaddrs.stateDir}/*.nginx.conf;
'';
in ''
${allows}
deny all;