gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-10 04:49:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor(access): simplify firewall conditions

Browse source
This commit is contained in:
arcnmx 2024-05-20 12:19:16 -07:00
parent e51ae1d4ec
commit cd4c855df4
3 changed files with 15 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

20
nixos/reisen-ct/proxmox.nix
View file

@ -1,15 +1,13 @@
{
config,
system,
gensokyo-zone,
lib,
modulesPath,
...
}: let
inherit (gensokyo-zone.lib) unmerged coalesce;
inherit (gensokyo-zone.lib) unmerged;
inherit (lib.modules) mkIf mkMerge mkDefault;
inherit (lib.attrsets) mapAttrsToList;
inherit (lib.trivial) mapNullable;
inherit (system) proxmox;
in {
imports = [
@ -32,16 +30,12 @@ in {
})
proxmox.network.interfaces));
networking.firewall.interfaces.lan = let
inherit (proxmox.network) internal local;
conditions = coalesce [
(mapNullable (interface: ["iifname ${interface.name}"]) internal.interface)
(mapNullable (interface: config.networking.firewall.interfaces.local.nftables.conditions) local.interface)
];
networking.firewall.interfaces = let
inherit (proxmox.network) internal;
intConditions = ["iifname ${internal.interface.name}"];
in
mkIf (conditions != null) {
nftables = {
inherit conditions;
};
mkIf (internal.interface != null) {
lan.nftables.conditions = intConditions;
local.nftables.conditions = intConditions;
};
}