gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

daiyousei: Fix firewalling, etc

Browse source
This commit is contained in:
kat witch 2021-12-21 22:09:27 +00:00 committed by kat
parent 04992dc784
commit a87ac0e008
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
2 changed files with 15 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
config/profiles/hardware/oracle/common.nix
View file

@ -264,14 +264,20 @@ in
};
};
};
mapAll = protocol: port: [ (mapPort ipv4 protocol port) (mapPort ipv6 protocol port) ];
sourceProtos = cartesianProductOfSets {
source = [ ipv4 ipv6 ];
protocol = [ protoValues.TCP protoValues.UDP ];
};
mapPortswheeee = port: map ({ source, protocol }: mapPort source protocol port) sourceProtos;
rules = mapPortswheeee { from = 1; to = 65535; };
/*mapAll = protocol: port: [ (mapPort ipv4 protocol port) (mapPort ipv6 protocol port) ];
mapAllForInterface =
let
protos = [ "TCP" "UDP" ];
types = [ "Ports" "PortRanges" ];
in
interface: concatMap (type: concatMap (proto: (concatMap (port: (mapAll protoValues.${proto}) port) interface."allowed${proto}${type}")) protos) types;
rules = concatMap mapAllForInterface ([ firewall ] ++ map (interface: firewall.interfaces.${interface}) config.network.firewall.public.interfaces);
rules = concatMap mapAllForInterface ([ firewall ] ++ map (interface: firewall.interfaces.${interface}) config.network.firewall.public.interfaces);*/
# TODO: use `count` and index into a fancy json or something?
in
listToAttrs (imap0 (i: rule: nameValuePair "firewall${toString i}" rule) rules)

10
config/targets/oci-root.nix
View file

@ -20,11 +20,15 @@
};
in
mkMerge [
(genAttrs (map (value: "oci_root_${value}") [ "region" "tenancy" "user" "privkey" "fingerprint" ]) (attr: {
value.shellCommand = "pass secrets/oracle-${head (reverseList (splitString "_" attr))}";
(genAttrs (map (value: "oci_root_${value}") [ "region" "tenancy" "user" "fingerprint" ]) (attr: {
value.shellCommand = "bitw get services/host/oracleapi -f ${head (reverseList (splitString "_" attr))}";
type = "string";
}))
{ "oci_root_privkey" = { sensitive = true; }; }
{ "oci_root_privkey" = {
value.shellCommand = "bitw get services/host/oracleapi";
type = "string";
sensitive = true;
}; }
];
providers.oci-root = {