refactor(access): simplify firewall conditions

arcnmx 2024-05-20 12:19:16 -07:00
parent e51ae1d4ec
commit cd4c855df4
3 changed files with 15 additions and 23 deletions


@ -4,7 +4,7 @@
lib,
...
}: let
inherit (lib.modules) mkIf mkMerge mkOptionDefault;
inherit (lib.modules) mkIf mkMerge mkDefault mkOptionDefault;
inherit (lib.options) mkOption;
inherit (lib.lists) optionals;
inherit (lib.strings) concatStringsSep;
@ -103,16 +103,19 @@ in {
};
config.networking = {
firewall = {
interfaces.local = {
firewall.interfaces = {
local = {
nftables.conditions = [
"ip saddr { ${concatStringsSep ", " (cfg.cidrForNetwork.local.v4 ++ cfg.cidrForNetwork.int.v4)} }"
"ip saddr { ${concatStringsSep ", " cfg.cidrForNetwork.local.v4} }"
(
mkIf networking.enableIPv6
"ip6 saddr { ${concatStringsSep ", " (cfg.cidrForNetwork.local.v6 ++ cfg.cidrForNetwork.int.v6)} }"
"ip6 saddr { ${concatStringsSep ", " cfg.cidrForNetwork.local.v6} }"
)
];
};
lan = {
nftables.conditions = mkIf config.networking.firewall.interfaces.local.nftables.enable (mkDefault config.networking.firewall.interfaces.local.nftables.conditions);
};
};
};
}
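Review bot: The new `lan` entry inherits the source-address conditions of `local` only while `interfaces.local.nftables.enable` is true, and only at `mkDefault` priority, so with that flag off, or with any normal-priority definition of `lan.nftables.conditions` elsewhere, `lan` carries none of these `saddr` restrictions. What an empty or replaced condition list matches depends on the option's declaration, which is outside this hunk, so it is worth confirming that it does not fall back to matching every source. A comment above the `lan` line would make the intent explicit, for example `# lan mirrors local's source filters by default; an override replaces them rather than adding to them`. In the same hunk the `local` conditions no longer include `cfg.cidrForNetwork.int.v4` and `.v6`, which changes the matched source set in a commit titled as a refactor; presumably the other changed files cover the `int` ranges, but the commit message should say so.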