From a87ac0e00893a68837bc518cbeac9dcf6f88dcbe Mon Sep 17 00:00:00 2001
From: kat witch
Date: Tue, 21 Dec 2021 22:09:27 +0000
Subject: [PATCH] daiyousei: Fix firewalling, etc

---
 config/profiles/hardware/oracle/common.nix | 10 ++++++++--
 config/targets/oci-root.nix                | 10 +++++++---
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/config/profiles/hardware/oracle/common.nix b/config/profiles/hardware/oracle/common.nix
index c48c40d7..090b3c3b 100644
--- a/config/profiles/hardware/oracle/common.nix
+++ b/config/profiles/hardware/oracle/common.nix
@@ -264,14 +264,20 @@ in
       };
     };
   };
-  mapAll = protocol: port: [ (mapPort ipv4 protocol port) (mapPort ipv6 protocol port) ];
+  sourceProtos = cartesianProductOfSets {
+    source = [ ipv4 ipv6 ];
+    protocol = [ protoValues.TCP protoValues.UDP ];
+  };
+  mapPortswheeee = port: map ({ source, protocol }: mapPort source protocol port) sourceProtos;
+  rules = mapPortswheeee { from = 1; to = 65535; };
+  /*mapAll = protocol: port: [ (mapPort ipv4 protocol port) (mapPort ipv6 protocol port) ];
   mapAllForInterface = let
     protos = [ "TCP" "UDP" ];
     types = [ "Ports" "PortRanges" ];
   in interface: concatMap (type: concatMap (proto: (concatMap (port: (mapAll protoValues.${proto}) port) interface."allowed${proto}${type}")) protos) types;
-  rules = concatMap mapAllForInterface ([ firewall ] ++ map (interface: firewall.interfaces.${interface}) config.network.firewall.public.interfaces);
+  rules = concatMap mapAllForInterface ([ firewall ] ++ map (interface: firewall.interfaces.${interface}) config.network.firewall.public.interfaces);*/
   # TODO: use `count` and index into a fancy json or something?
 in listToAttrs (imap0 (i: rule: nameValuePair "firewall${toString i}" rule) rules)
diff --git a/config/targets/oci-root.nix b/config/targets/oci-root.nix
index 35d1d06b..8699f83e 100644
--- a/config/targets/oci-root.nix
+++ b/config/targets/oci-root.nix
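Review bot: `rules = mapPortswheeee { from = 1; to = 65535; };` turns the generated rule set into a blanket allow of every TCP and UDP port from both the IPv4 and IPv6 sources, discarding the per-interface `allowedTCPPorts`/`allowedUDPPortRanges` allowlist that the now-commented `mapAllForInterface` derived from `config.network.firewall`. If these entries end up as cloud-side ingress rules, the host firewall becomes the only filter, so the intent should at least be written above the binding, e.g. `# Deliberately allows every port at this layer; the host firewall (config.network.firewall) does the filtering — tighten once the host rules are verified`, and a narrower range restored afterwards. The superseded `mapAll`/`mapAllForInterface`/`rules` block is better deleted than kept inside `/* */`, since history preserves it, and `mapPortswheeee` reads as a placeholder — `mapPortAllSources` would describe what it does. The `let` these bindings belong to starts before the hunk.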
@@ -20,11 +20,15 @@
     };
   in mkMerge [
-    (genAttrs (map (value: "oci_root_${value}") [ "region" "tenancy" "user" "privkey" "fingerprint" ]) (attr: {
-      value.shellCommand = "pass secrets/oracle-${head (reverseList (splitString "_" attr))}";
+    (genAttrs (map (value: "oci_root_${value}") [ "region" "tenancy" "user" "fingerprint" ]) (attr: {
+      value.shellCommand = "bitw get services/host/oracleapi -f ${head (reverseList (splitString "_" attr))}";
       type = "string";
     }))
-    { "oci_root_privkey" = { sensitive = true; }; }
+    { "oci_root_privkey" = {
+      value.shellCommand = "bitw get services/host/oracleapi";
+      type = "string";
+      sensitive = true;
+    }; }
   ];
   providers.oci-root = {
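Review bot: The two new `value.shellCommand` strings repeat the `bitw get services/host/oracleapi` invocation, and the `oci_root_privkey` entry now restates the `type = "string"` that the genAttrs block already sets for its siblings; a single `let bitwItem = "bitw get services/host/oracleapi"; in` binding used as `value.shellCommand = "${bitwItem} -f ${head (reverseList (splitString "_" attr))}";` and `value.shellCommand = bitwItem;` keeps the secret's location in one place. The privkey command carries no `-f`, so which field of the item is returned depends on bitw's default; naming the field explicitly would make the key's source as visible as it is for the other four variables. The hunk's last line opens `providers.oci-root = {`, whose body continues past it.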