gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(nftables): lan rules

Browse source
This commit is contained in:
arcnmx 2024-01-24 12:59:28 -08:00
parent 59c61d021e
commit c321f3a502
6 changed files with 64 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

12
modules/nixos/access.nix
View file

@ -6,6 +6,7 @@
inherit (lib.modules) mkIf mkMerge mkDefault mkOptionDefault;
inherit (lib.options) mkOption;
inherit (lib.lists) optionals;
inherit (lib.strings) concatStringsSep;
inherit (config.services) tailscale avahi;
inherit (config) networking;
inherit (networking) hostName;
@ -83,4 +84,15 @@ in {
};
};
};
config.networking.firewall = {
interfaces.local = {
nftables.conditions = [
"ip saddr { ${concatStringsSep ", " networking.access.cidrForNetwork.local.v4} }"
(mkIf networking.enableIPv6
"ip6 saddr { ${concatStringsSep ", " networking.access.cidrForNetwork.local.v6} }"
)
];
};
};
}